CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1112 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2025-1112
09 Jul 2025 — IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users. • https://www.ibm.com/support/pages/node/7239151 • CWE-282: Improper Ownership Management •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27369 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2025-27369
08 Jul 2025 — IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system. • https://www.ibm.com/support/pages/node/7239155 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49784 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2024-49784
08 Jul 2025 — IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data. • https://www.ibm.com/support/pages/node/7239145 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43039 – IBM OpenPages with Watson cross-site scripting
https://notcve.org/view.php?id=CVE-2023-43039
08 Jul 2025 — IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session • https://www.ibm.com/support/pages/node/7238923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37527 – IBM OpenPages with Watson cross-site scripting
https://notcve.org/view.php?id=CVE-2024-37527
27 Jan 2025 — IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7171880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35117 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2024-35117
11 Dec 2024 — IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. • https://www.ibm.com/support/pages/node/7165392 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27257 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-27257
10 Sep 2024 — IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. IBM OpenPages 8.3 y 9.0 potencialmente expone información sobre el código fuente del lado del cliente mediante el uso de mapas de origen de JavaScript a usuarios no autorizados. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283966 • CWE-540: Inclusion of Sensitive Information in Source Code •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35151 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-35151
22 Aug 2024 — IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. • https://www.ibm.com/support/pages/node/7165959 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40683 – IBM OpenPages with Watson privilege escalation
https://notcve.org/view.php?id=CVE-2023-40683
19 Jan 2024 — IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. IBM OpenPages con Watson 8.3 y 9.0 podría permitir a un atacante remoto eludir las restricciones de seguridad causadas por comprobaciones de autorizac... • https://exchange.xforce.ibmcloud.com/vulnerabilities/264005 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38738 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2023-38738
19 Jan 2024 — IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. IBM OpenPages con Watson 8.3 y 9.0 podría proporcionar una seguridad más débil de lo esperado en un entorno OpenPages ut... • https://exchange.xforce.ibmcloud.com/vulnerabilities/262594 • CWE-257: Storing Passwords in a Recoverable Format •