cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49344,https://securityvulnerability.io/vulnerability/CVE-2024-49344,Session Management Flaw in IBM OpenPages with Watson,"An insufficient session management vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0, where a chat session remains active even after the user logs out. This flaw allows unauthorized access to ongoing chat interactions, potentially exposing sensitive information. Proper management of user sessions is crucial for maintaining the security of user data, and this issue requires immediate attention to prevent potential data breaches.",IBM,Openpages With Watson,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-20T12:15:00.000Z,0
CVE-2024-49781,https://securityvulnerability.io/vulnerability/CVE-2024-49781,XML External Entity Injection Vulnerability in IBM OpenPages by IBM,"IBM OpenPages versions 8.3 and 9.0 are susceptible to an XML External Entity (XXE) injection flaw. This vulnerability arises from the way the software processes XML data, enabling remote attackers to exploit the system. By leveraging this vulnerability, malicious users can potentially disclose sensitive information or exhaust system resources, posing significant risks to data integrity and application performance.",IBM,Openpages With Watson,7.1,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-02-20T12:15:00.000Z,0
CVE-2024-49337,https://securityvulnerability.io/vulnerability/CVE-2024-49337,HTML Injection Vulnerability in IBM OpenPages by IBM,"IBM OpenPages versions 8.3 and 9.0 are susceptible to an HTML injection vulnerability due to inadequate validation of user inputs in text fields employed to compose workflow email notifications. This flaw can be leveraged by remote authenticated attackers who include HTML tags in text fields of certain objects. As a result, malicious scripts can be injected into emails, which are executed in the context of the OpenPages mail client. This exploit potentially paves the way for phishing schemes and identity theft, posing significant security risks to users.",IBM,Openpages With Watson,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-20T12:15:00.000Z,0
CVE-2024-49779,https://securityvulnerability.io/vulnerability/CVE-2024-49779,Authentication Bypass Vulnerability in IBM OpenPages by IBM,"The vulnerability in IBM OpenPages with Watson versions 8.3 and 9.0 poses a significant security risk, allowing remote attackers to exploit improper validation of authentication cookies. By manipulating the CSRF token and Session ID cookie parameters, an attacker can potentially bypass security restrictions, leading to unauthorized access to sensitive application data. It is crucial for users of IBM OpenPages to be aware of this vulnerability and take necessary precautions.",IBM,Openpages With Watson,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-20T12:15:00.000Z,0
CVE-2024-49780,https://securityvulnerability.io/vulnerability/CVE-2024-49780,Directory Traversal Vulnerability in IBM OpenPages by IBM,"The vulnerability in IBM OpenPages permits remote attackers with specific privileges to exploit the Import Configuration feature. By sending a crafted HTTP request containing 'dot dot' sequences ('/../'), attackers can navigate the directory structure and write files to unauthorized locations. This could lead to the overwriting of arbitrary files, potentially compromising the integrity and security of the system.",IBM,Openpages With Watson,5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-20T03:49:09.533Z,0
CVE-2024-49782,https://securityvulnerability.io/vulnerability/CVE-2024-49782,Remote Email Spoofing Vulnerability in IBM OpenPages,"A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0 that may allow a remote attacker to spoof the identity of the mail server when SSL/TLS security is used. This could enable attackers to exploit the weakness to gain unauthorized access to sensitive information delivered through email notifications generated by OpenPages, or to disrupt the delivery of these notifications, posing significant risks to data confidentiality.",IBM,Openpages With Watson,6.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-02-20T03:46:38.398Z,0
CVE-2024-43196,https://securityvulnerability.io/vulnerability/CVE-2024-43196,Data Manipulation Vulnerability in IBM OpenPages with Watson,"An authenticated user in IBM OpenPages with Watson versions 8.3 and 9.0 could exploit a vulnerability in the Questionnaires application. This vulnerability allows the user to manipulate existing data, leading to potential spoofing of responses submitted by other users, thereby compromising the integrity of the data.",IBM,Openpages With Watson,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-20T03:42:12.195Z,0
CVE-2024-49355,https://securityvulnerability.io/vulnerability/CVE-2024-49355,Data Logging Vulnerability in IBM OpenPages with Watson,A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0 that may allow improperly neutralized data to be written to server log files when the tracing feature is enabled. This issue could potentially expose sensitive information if exploited. Users are advised to disable the tracing setting and monitor for any suspicious log activity.,IBM,Openpages With Watson,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-20T03:40:05.396Z,0
CVE-2024-37527,https://securityvulnerability.io/vulnerability/CVE-2024-37527,Cross-Site Scripting Vulnerability in IBM OpenPages by IBM,"IBM OpenPages with Watson versions 8.3 and 9.0 is susceptible to a cross-site scripting vulnerability that enables authenticated users to inject arbitrary JavaScript into the Web UI. This malicious code execution may disrupt the application's intended behavior, posing a risk of unauthorized access to sensitive user credentials during trusted sessions.",IBM,Openpages With Watson,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-27T15:49:59.235Z,0
CVE-2024-43176,https://securityvulnerability.io/vulnerability/CVE-2024-43176,Information Disclosure in IBM OpenPages by Authenticated Users,"IBM OpenPages version 9.0 features a vulnerability where authenticated users may access sensitive information, including configurations intended exclusively for privileged users. This oversight could lead to unintentional exposure of critical system information, potentially compromising the integrity of data and the security posture of the environment.",IBM,Openpages,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T14:03:37.176Z,0
CVE-2024-35117,https://securityvulnerability.io/vulnerability/CVE-2024-35117,Sensitive Information at Risk of Being Written to Clear Text Log Files,"IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.",IBM,Openpages With Watson,4.4,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-12-11T02:15:00.000Z,0
CVE-2024-27257,https://securityvulnerability.io/vulnerability/CVE-2024-27257,IBM OpenPages Vulnerability: Unauthorized Access to Client-Side Source Code via JavaScript Source Maps,IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.,IBM,Openpages,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-10T14:24:20.430Z,0
CVE-2024-35151,https://securityvulnerability.io/vulnerability/CVE-2024-35151,Improper Authorization in OpenPages with Watson APIs,IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.,IBM,Openpages With Watson,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-08-22T10:12:55.160Z,0
CVE-2023-40683,https://securityvulnerability.io/vulnerability/CVE-2023-40683,IBM OpenPages with Watson privilege escalation,"IBM OpenPages with Watson versions 8.3 and 9.0 are susceptible to an authorization bypass vulnerability stemming from inadequate authorization checks. This security flaw allows a remote attacker, once authenticated as an OpenPages user, to exploit non-public APIs. Consequently, the attacker can bypass stipulated security restrictions, leading to the potential for unauthorized administrative access to the application. Organizations utilizing these versions should prioritize implementing security measures to safeguard their systems against such threats.",IBM,Openpages With Watson,8.8,HIGH,0.0015999999595806003,false,,false,false,false,,,false,false,,2024-01-19T00:54:43.947Z,0
CVE-2023-38738,https://securityvulnerability.io/vulnerability/CVE-2023-38738,IBM OpenPages with Watson information disclosure,"A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0 that could compromise security when using Native authentication. An attacker with access to the OpenPages database could exploit this weakness through a series of crafted actions. This could lead to unauthorized access to other accounts within the OpenPages environment, highlighting a potential risk for organizations relying on this authentication method.",IBM,OpenPages with Watson,8.1,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-01-19T00:41:22.409Z,0
CVE-2021-29907,https://securityvulnerability.io/vulnerability/CVE-2021-29907,Remote Code Execution Vulnerability in IBM OpenPages by IBM,"An authentication flaw in IBM OpenPages with Watson versions 8.1 and 8.2 allows an authenticated user to upload malicious files, potentially enabling the execution of arbitrary code on the server. This vulnerability could jeopardize the integrity and confidentiality of the entire system, making it essential for users to review their security posture and apply necessary mitigations. For further details, refer to the official IBM support page and the IBM X-Force research database.",IBM,Openpages With Watson,8.8,HIGH,0.00139999995008111,false,,false,false,false,,,false,false,,2021-08-31T16:15:00.000Z,0
CVE-2020-4535,https://securityvulnerability.io/vulnerability/CVE-2020-4535,Cross-Site Scripting Vulnerability in IBM OpenPages GRC Platform,IBM OpenPages GRC Platform 8.1 is susceptible to a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject arbitrary JavaScript into the web user interface. This potentially jeopardizes user credentials by manipulating the intended functionality within a trusted session. It is imperative for users and administrators to take proactive measures to secure their applications against this type of threat.,IBM,Openpages Grc Platform,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-05-11T16:15:00.000Z,0
CVE-2020-4536,https://securityvulnerability.io/vulnerability/CVE-2020-4536,Information Disclosure Vulnerability in IBM OpenPages GRC Platform,"The IBM OpenPages GRC Platform 8.1 is susceptible to an information disclosure vulnerability that could enable a remote attacker to retrieve sensitive information through detailed technical error messages displayed in the browser. This leakage of data can facilitate subsequent targeted attacks on the system, potentially compromising its security and integrity. For further details, visit the IBM support page or consult the IBM X-Force ID documentation.",IBM,Openpages Grc Platform,4.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2021-05-11T16:15:00.000Z,0
CVE-2017-1679,https://securityvulnerability.io/vulnerability/CVE-2017-1679,,"IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.",IBM,Openpages Grc Platform,6.2,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-09-10T14:29:00.000Z,0
CVE-2016-0234,https://securityvulnerability.io/vulnerability/CVE-2016-0234,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.",IBM,Openpages Grc Platform,4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-08-30T16:29:00.000Z,0
CVE-2017-1300,https://securityvulnerability.io/vulnerability/CVE-2017-1300,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.",IBM,Openpages Grc Platform,8.8,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2017-11-01T21:29:00.000Z,0
CVE-2017-1147,https://securityvulnerability.io/vulnerability/CVE-2017-1147,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200.",IBM,Openpages Grc Platform,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2017-11-01T21:29:00.000Z,0
CVE-2017-1290,https://securityvulnerability.io/vulnerability/CVE-2017-1290,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151.",IBM,Openpages Grc Platform,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2017-11-01T21:29:00.000Z,0
CVE-2016-3048,https://securityvulnerability.io/vulnerability/CVE-2016-3048,,"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711.",IBM,Openpages Grc Platform,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2017-11-01T21:29:00.000Z,0
CVE-2017-1148,https://securityvulnerability.io/vulnerability/CVE-2017-1148,,IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.,IBM,Openpages Grc Platform,5.3,MEDIUM,0.0011599999852478504,false,,false,false,false,,,false,false,,2017-11-01T21:29:00.000Z,0