IBM Openpages With Watson


By the Year

In 2026 there have been 0 vulnerabilities in IBM Openpages With Watson. Last year, in 2025, Openpages With Watson had 18 security vulnerabilities published. Right now, Openpages With Watson is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 18 5.86
2024 4 6.00

It may take a day or so for new Openpages With Watson vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Openpages With Watson Security Vulnerabilities

IBM OpenPages 9.1/9.0 Watson Remote HTML Injection Vulnerability
CVE-2025-33110 5.4 - Medium - November 06, 2025

IBM OpenPages 9.1 and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Basic XSS

IBM OpenPages 9.0-9.1 Web Page Cache Local Disclosure
CVE-2025-36082 4 - Medium - September 15, 2025

IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system.

Use of Web Browser Cache Containing Sensitive Information

IBM OpenPages with Watson 8.x/9.0 Info Disclosure for Auth Users
CVE-2025-1112 4.3 - Medium - July 09, 2025

IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.

Improper Ownership Management

IBM OpenPages with Watson 8.3/9.0 Improper Input Validation in GRC Objects
CVE-2025-27367 6.5 - Medium - July 08, 2025

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation: client-side validation of the data types and requiredness of fields for GRC Objects can be bypassed when an authenticated user sends a specially crafted payload to the server, allowing data to be saved without storing the required fields.

Client-Side Enforcement of Server-Side Security

IBM OpenPages 9.0 XSS via Web UI
CVE-2023-43039 6.1 - Medium - July 08, 2025

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

XSS

IBM OpenPages with Watson 8.3/9.0 Weak Encrypted Data Storage
CVE-2024-49783 6.5 - Medium - July 08, 2025

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability to use additional cryptographic methods to possibly extract the encrypted data.

Not Using an Unpredictable IV with CBC Mode

IBM OpenPages with Watson <=9.0 Weak AES-CBC in Encrypted Data Storage
CVE-2024-49784 6.5 - Medium - July 08, 2025

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data.

Use of a Broken or Risky Cryptographic Algorithm

IBM OpenPages 8.3/9.0 REST Admin Endpoints Info Disclosure
CVE-2025-27369 4.3 - Medium - July 08, 2025

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

IBM OpenPages 8.3/9.0 XXE in XML Parser (XML External Entity)
CVE-2024-49781 7.1 - High - February 20, 2025

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

XXE

IBM OpenPages WS 8.3/9.0 Auth Cookie Bypass (CVE-2024-49779)
CVE-2024-49779 8.8 - High - February 20, 2025

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application.

Session Riding

IBM OpenPages with Watson 8.3 & 9.0: Chat Session Persists after Logout
CVE-2024-49344 4.3 - Medium - February 20, 2025

In IBM OpenPages with Watson 8.3 and 9.0 with the Watson Assistant chat feature enabled, the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.

Session Fixation

OpenPages 8.3/9.0 HTML Injection in Workflow Email Notifications
CVE-2024-49337 5.4 - Medium - February 20, 2025

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.

XSS

CVE-2024-43196: Auth User Spoofs Qns Data in IBM OpenPages with Watson 8.3/9.0
CVE-2024-43196 4.3 - Medium - February 20, 2025

IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.

Improper Following of a Certificate's Chain of Trust

IBM OpenPages 8.3/9.0 Log Injection via Tracing
CVE-2024-49355 6.5 - Medium - February 20, 2025

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.

Output Sanitization

IBM OpenPages dir traversal via Import Config (before 9.0/8.3)
CVE-2024-49780 6.5 - Medium - February 20, 2025

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted HTTP request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.

Directory traversal

IBM OpenPages with Watson 8.3/9.0 Spoof Mail Server Identity via SSL/TLS
CVE-2024-49782 8.2 - High - February 20, 2025

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.

Improper Certificate Validation

IBM OpenPages 8.3/9.0 Auth XSS via Web UI
CVE-2024-37527 5.4 - Medium - January 27, 2025

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

XSS

IBM OpenPages 9.0 Authenticated Info Disclosure via Config Access
CVE-2024-43176 5.4 - Medium - January 09, 2025

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.

Improper Ownership Management

IBM OpenPages with Watson Sensitive Information Disclosure in System Tracing Logs
CVE-2024-35117 4.4 - Medium - December 11, 2024

IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.

Cleartext Storage of Sensitive Information

IBM OpenPages 8.3/9.0 JS Source Map Info Disclosure
CVE-2024-27257 4.3 - Medium - September 10, 2024

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.

Inclusion of Sensitive Information in Source Code

IBM OpenPages with Watson 8.3/9.0 Auth Breach via Improper API Authorization
CVE-2024-35151 6.5 - Medium - August 22, 2024

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.

Missing Authentication for Critical Function

IBM OpenPages 8.3/9.0 Auth Bypass via Non-Public APIs
CVE-2023-40683 8.8 - High - January 19, 2024

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.

AuthZ
