CVE-2025-1112

>= 8.3 and < 8.3.0.3.2

IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be availa

4.3MEDIUM

CVE-2025-27369

>= 8.3 and < 8.3.0.3.2

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker tha

4.3MEDIUM

CVE-2025-27367

>= 8.3 and < 8.3.0.3.2

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation

5.3MEDIUM

CVE-2024-49784

>= 8.3 and < 8.3.0.3.1

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encrypti

5.3MEDIUM

CVE-2024-49783

>= 8.3 and < 8.3.0.3.1

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenti

5.3MEDIUM

CVE-2023-43039

< 9.0.0.3

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript

6.1MEDIUM

CVE-2024-49781

>= 8.3 and < 8.3.0.3

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing

7.1HIGH

CVE-2024-49779

>= 8.3 and < 8.3.0.3

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by imp

4.3MEDIUM

CVE-2024-49344

>= 8.3 and < 8.3.0.3

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a s

4.3MEDIUM

CVE-2024-49337

>= 8.3 and < 8.3.0.3

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-s

5.4MEDIUM

CVE-2024-49782

>= 8.3 and < 8.3.0.3

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security

6.8MEDIUM

CVE-2024-49780

>= 8.3 and < 8.3.0.3

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attac

5.3MEDIUM

CVE-2024-49355

>= 8.3 and < 8.3.0.3

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per t

5.3MEDIUM

CVE-2024-43196

>= 8.3 and < 8.3.0.3

IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires ap

4.3MEDIUM

CVE-2024-37527

>= 8.3 and < 8.3.0.3

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to em

5.4MEDIUM

CVE-2024-43176

all versions

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be ava

5.4MEDIUM

CVE-2024-35117

>= 9.0 and < 9.0.0.2

IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing

4.4MEDIUM

CVE-2024-27257

>= 9.0 and < 9.0.0.3

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to u

4.3MEDIUM

CVE-2024-35151

all versions

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorizati

6.5MEDIUM

CVE-2023-40683

>= 8.3 and < 8.3.0.2.7

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authoriz

8.8HIGH

CVE-2023-38738

>= 8.3 and < 8.3.0.2.7

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authenti

6.8MEDIUM

CVE-2021-29907

>= 8.1 and < 8.1.0.2.1

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the

8.8HIGH