Vulnerabilities > IBM > Openpages With Watson > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-20 | CVE-2024-49337 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. | 5.4 |
| 2025-02-20 | CVE-2024-49344 | Session Fixation vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout. | 4.3 |
| 2025-02-20 | CVE-2024-43196 | Improper Following of a Certificate's Chain of Trust vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. | 4.3 |
| 2025-02-20 | CVE-2024-49355 | Improper Output Neutralization for Logs vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature. | 6.5 |
| 2025-02-20 | CVE-2024-49780 | Unspecified vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2025-01-27 | CVE-2024-37527 | Cross-site Scripting vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. | 5.4 |
| 2024-12-11 | CVE-2024-35117 | Cleartext Storage of Sensitive Information vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. | 4.4 |
| 2024-09-10 | CVE-2024-27257 | Unspecified vulnerability in IBM Openpages GRC Platform and Openpages With Watson IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. | 4.3 |
| 2024-08-22 | CVE-2024-35151 | Missing Authentication for Critical Function vulnerability in IBM Openpages GRC Platform and Openpages With Watson IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. | 6.5 |