CPE Details
IBM OpenPages with Watson 9.0
9.0
2024-02-03
02h17 +00:00
02h17 +00:00
2024-02-03
02h17 +00:00
02h17 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*
Informations
Vendor
ibmProduct
openpages_with_watsonVersion
9.0Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks. | 5.4 |
Moyen |
||
| IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout. | 4.3 |
Moyen |
||
| IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application. | 8.8 |
Haute |
||
| IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | 7.1 |
Haute |
||
| IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files. | 6.5 |
Moyen |
||
| IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery. | 8.2 |
Haute |
||
| IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. | 4.3 |
Moyen |
||
| IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature. | 6.5 |
Moyen |
||
| IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 5.4 |
Moyen |
||
| IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. | 4.3 |
Moyen |
||
| IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. | 6.5 |
Moyen |
||
| IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. | 8.8 |
Haute |
||
| IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. | 8.1 |
Haute |
2025©
tesweb SA
