CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35117 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2024-35117
11 Dec 2024 — IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. • https://www.ibm.com/support/pages/node/7165392 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27257 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-27257
10 Sep 2024 — IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. IBM OpenPages 8.3 y 9.0 potencialmente expone información sobre el código fuente del lado del cliente mediante el uso de mapas de origen de JavaScript a usuarios no autorizados. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283966 • CWE-540: Inclusion of Sensitive Information in Source Code •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35151 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-35151
22 Aug 2024 — IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. • https://www.ibm.com/support/pages/node/7165959 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40683 – IBM OpenPages with Watson privilege escalation
https://notcve.org/view.php?id=CVE-2023-40683
19 Jan 2024 — IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. IBM OpenPages con Watson 8.3 y 9.0 podría permitir a un atacante remoto eludir las restricciones de seguridad causadas por comprobaciones de autorizac... • https://exchange.xforce.ibmcloud.com/vulnerabilities/264005 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38738 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2023-38738
19 Jan 2024 — IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. IBM OpenPages con Watson 8.3 y 9.0 podría proporcionar una seguridad más débil de lo esperado en un entorno OpenPages ut... • https://exchange.xforce.ibmcloud.com/vulnerabilities/262594 • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29907
https://notcve.org/view.php?id=CVE-2021-29907
31 Aug 2021 — IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633. IBM OpenPages con Watson versiones 8.1 y 8.2, podría permitir a un usuario autenticado cargar un archivo que podría ejecutar código arbitrario en el sistema. IBM X-Force ID: 207633 • https://exchange.xforce.ibmcloud.com/vulnerabilities/207633 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4536
https://notcve.org/view.php?id=CVE-2020-4536
11 May 2021 — IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907. IBM OpenPages GRC Platform versión 8.1, podría permitir a un atacante remoto obtener información confidencial cuando es devuelto un mensaje de error técnico detallado en el navegador. Esta información podría ser usado en nuevos ataques contra el sistem... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182907 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4535
https://notcve.org/view.php?id=CVE-2020-4535
11 May 2021 — IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906. IBM OpenPages GRC Platform versión 8.1 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1679
https://notcve.org/view.php?id=CVE-2017-1679
10 Sep 2018 — IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001. IBM OpenPages GRC Platform 7.2, 7.3, 7.4 y 8.0 podría permitir que un atacante obtenga información sensible de archivos de registro de errores. IBM X-Force ID: 134001 • https://exchange.xforce.ibmcloud.com/vulnerabilities/134001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0234
https://notcve.org/view.php?id=CVE-2016-0234
30 Aug 2018 — IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303. IBM OpenPages GRC Platform 7.1, 7.2 y 7.3 podría permtir que un usuario local obtenga información sensible cuando un usuario anterior ha cerrado su sesión en el sistema, pero no ha cerrado su navegador. IBM X-Force ID: 110303. • http://www-01.ibm.com/support/docview.wss?uid=swg21997687 • CWE-613: Insufficient Session Expiration •