Ibm

Openpages With Watson

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-49344

  • EPSS 0.07%
  • Veröffentlicht 20.02.2025 12:15:10
  • Zuletzt bearbeitet 11.03.2025 14:02:39

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.

5.4

CVE-2024-49337

  • EPSS 0.08%
  • Veröffentlicht 20.02.2025 12:15:09
  • Zuletzt bearbeitet 11.03.2025 14:06:18

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could explo...

8.2

CVE-2024-49782

  • EPSS 0.17%
  • Veröffentlicht 20.02.2025 04:15:10
  • Zuletzt bearbeitet 11.03.2025 14:19:11

IBM OpenPages with Watson 8.3 and 9.0  could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notificati...

6.5

CVE-2024-49780

  • EPSS 0.05%
  • Veröffentlicht 20.02.2025 04:15:10
  • Zuletzt bearbeitet 11.03.2025 14:37:00

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequ...

6.5

CVE-2024-49355

  • EPSS 0.07%
  • Veröffentlicht 20.02.2025 04:15:10
  • Zuletzt bearbeitet 11.03.2025 14:51:01

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.

4.3

CVE-2024-43196

  • EPSS 0.08%
  • Veröffentlicht 20.02.2025 04:15:09
  • Zuletzt bearbeitet 11.03.2025 14:57:13

IBM OpenPages with Watson 8.3 and 9.0  application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.

5.4

CVE-2024-37527

  • EPSS 0.05%
  • Veröffentlicht 27.01.2025 16:15:30
  • Zuletzt bearbeitet 11.03.2025 18:14:30

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ...

5.4

CVE-2024-43176

  • EPSS 0.07%
  • Veröffentlicht 09.01.2025 14:15:26
  • Zuletzt bearbeitet 29.09.2025 22:26:24

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.

4.4

CVE-2024-35117

  • EPSS 0.06%
  • Veröffentlicht 11.12.2024 02:15:05
  • Zuletzt bearbeitet 10.03.2025 18:12:39

IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.

4.3

CVE-2024-27257

  • EPSS 0.07%
  • Veröffentlicht 10.09.2024 15:15:15
  • Zuletzt bearbeitet 16.09.2024 14:26:15

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.