cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49337,https://securityvulnerability.io/vulnerability/CVE-2024-49337,HTML Injection Vulnerability in IBM OpenPages by IBM,"IBM OpenPages versions 8.3 and 9.0 are susceptible to an HTML injection vulnerability due to inadequate validation of user inputs in text fields employed to compose workflow email notifications. This flaw can be leveraged by remote authenticated attackers who include HTML tags in text fields of certain objects. As a result, malicious scripts can be injected into emails, which are executed in the context of the OpenPages mail client. This exploit potentially paves the way for phishing schemes and identity theft, posing significant security risks to users.",IBM,Openpages With Watson,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-20T12:15:00.000Z,0
CVE-2024-49781,https://securityvulnerability.io/vulnerability/CVE-2024-49781,XML External Entity Injection Vulnerability in IBM OpenPages by IBM,"IBM OpenPages versions 8.3 and 9.0 are susceptible to an XML External Entity (XXE) injection flaw. This vulnerability arises from the way the software processes XML data, enabling remote attackers to exploit the system. By leveraging this vulnerability, malicious users can potentially disclose sensitive information or exhaust system resources, posing significant risks to data integrity and application performance.",IBM,Openpages With Watson,7.1,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-02-20T12:15:00.000Z,0
CVE-2024-49779,https://securityvulnerability.io/vulnerability/CVE-2024-49779,Authentication Bypass Vulnerability in IBM OpenPages by IBM,"The vulnerability in IBM OpenPages with Watson versions 8.3 and 9.0 poses a significant security risk, allowing remote attackers to exploit improper validation of authentication cookies. By manipulating the CSRF token and Session ID cookie parameters, an attacker can potentially bypass security restrictions, leading to unauthorized access to sensitive application data. It is crucial for users of IBM OpenPages to be aware of this vulnerability and take necessary precautions.",IBM,Openpages With Watson,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-20T12:15:00.000Z,0
CVE-2024-49344,https://securityvulnerability.io/vulnerability/CVE-2024-49344,Session Management Flaw in IBM OpenPages with Watson,"An insufficient session management vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0, where a chat session remains active even after the user logs out. This flaw allows unauthorized access to ongoing chat interactions, potentially exposing sensitive information. Proper management of user sessions is crucial for maintaining the security of user data, and this issue requires immediate attention to prevent potential data breaches.",IBM,Openpages With Watson,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-20T12:15:00.000Z,0
CVE-2024-49780,https://securityvulnerability.io/vulnerability/CVE-2024-49780,Directory Traversal Vulnerability in IBM OpenPages by IBM,"The vulnerability in IBM OpenPages permits remote attackers with specific privileges to exploit the Import Configuration feature. By sending a crafted HTTP request containing 'dot dot' sequences ('/../'), attackers can navigate the directory structure and write files to unauthorized locations. This could lead to the overwriting of arbitrary files, potentially compromising the integrity and security of the system.",IBM,Openpages With Watson,5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-20T03:49:09.533Z,0
CVE-2024-49782,https://securityvulnerability.io/vulnerability/CVE-2024-49782,Remote Email Spoofing Vulnerability in IBM OpenPages,"A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0 that may allow a remote attacker to spoof the identity of the mail server when SSL/TLS security is used. This could enable attackers to exploit the weakness to gain unauthorized access to sensitive information delivered through email notifications generated by OpenPages, or to disrupt the delivery of these notifications, posing significant risks to data confidentiality.",IBM,Openpages With Watson,6.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-02-20T03:46:38.398Z,0
CVE-2024-43196,https://securityvulnerability.io/vulnerability/CVE-2024-43196,Data Manipulation Vulnerability in IBM OpenPages with Watson,"An authenticated user in IBM OpenPages with Watson versions 8.3 and 9.0 could exploit a vulnerability in the Questionnaires application. This vulnerability allows the user to manipulate existing data, leading to potential spoofing of responses submitted by other users, thereby compromising the integrity of the data.",IBM,Openpages With Watson,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-20T03:42:12.195Z,0
CVE-2024-49355,https://securityvulnerability.io/vulnerability/CVE-2024-49355,Data Logging Vulnerability in IBM OpenPages with Watson,A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0 that may allow improperly neutralized data to be written to server log files when the tracing feature is enabled. This issue could potentially expose sensitive information if exploited. Users are advised to disable the tracing setting and monitor for any suspicious log activity.,IBM,Openpages With Watson,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-20T03:40:05.396Z,0
CVE-2024-37527,https://securityvulnerability.io/vulnerability/CVE-2024-37527,Cross-Site Scripting Vulnerability in IBM OpenPages by IBM,"IBM OpenPages with Watson versions 8.3 and 9.0 is susceptible to a cross-site scripting vulnerability that enables authenticated users to inject arbitrary JavaScript into the Web UI. This malicious code execution may disrupt the application's intended behavior, posing a risk of unauthorized access to sensitive user credentials during trusted sessions.",IBM,Openpages With Watson,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-27T15:49:59.235Z,0
CVE-2024-35117,https://securityvulnerability.io/vulnerability/CVE-2024-35117,Sensitive Information at Risk of Being Written to Clear Text Log Files,"IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.",IBM,Openpages With Watson,4.4,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-12-11T02:15:00.000Z,0
CVE-2024-35151,https://securityvulnerability.io/vulnerability/CVE-2024-35151,Improper Authorization in OpenPages with Watson APIs,IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.,IBM,Openpages With Watson,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-08-22T10:12:55.160Z,0
CVE-2023-40683,https://securityvulnerability.io/vulnerability/CVE-2023-40683,IBM OpenPages with Watson privilege escalation,"IBM OpenPages with Watson versions 8.3 and 9.0 are susceptible to an authorization bypass vulnerability stemming from inadequate authorization checks. This security flaw allows a remote attacker, once authenticated as an OpenPages user, to exploit non-public APIs. Consequently, the attacker can bypass stipulated security restrictions, leading to the potential for unauthorized administrative access to the application. Organizations utilizing these versions should prioritize implementing security measures to safeguard their systems against such threats.",IBM,Openpages With Watson,8.8,HIGH,0.0015999999595806003,false,,false,false,false,,,false,false,,2024-01-19T00:54:43.947Z,0
CVE-2023-38738,https://securityvulnerability.io/vulnerability/CVE-2023-38738,IBM OpenPages with Watson information disclosure,"A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0 that could compromise security when using Native authentication. An attacker with access to the OpenPages database could exploit this weakness through a series of crafted actions. This could lead to unauthorized access to other accounts within the OpenPages environment, highlighting a potential risk for organizations relying on this authentication method.",IBM,OpenPages with Watson,8.1,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-01-19T00:41:22.409Z,0
CVE-2021-29907,https://securityvulnerability.io/vulnerability/CVE-2021-29907,Remote Code Execution Vulnerability in IBM OpenPages by IBM,"An authentication flaw in IBM OpenPages with Watson versions 8.1 and 8.2 allows an authenticated user to upload malicious files, potentially enabling the execution of arbitrary code on the server. This vulnerability could jeopardize the integrity and confidentiality of the entire system, making it essential for users to review their security posture and apply necessary mitigations. For further details, refer to the official IBM support page and the IBM X-Force research database.",IBM,Openpages With Watson,8.8,HIGH,0.00139999995008111,false,,false,false,false,,,false,false,,2021-08-31T16:15:00.000Z,0