Skip to main content

Openpages With Watson CVE-2025-27369

| EUVDEUVD-2025-20685 MEDIUM
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2025-07-08 psirt@us.ibm.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 04:21 euvd
EUVD-2025-20685
Analysis Generated
Mar 16, 2026 - 04:21 vuln.today
CVE Published
Jul 08, 2025 - 19:15 nvd
MEDIUM 4.3

DescriptionCVE.org

IBM OpenPages with Watson 8.3 and 9.0

is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system.

Analysis

IBM OpenPages with Watson 8.3 and 9.0

is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system.

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls.

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

CVE-2021-29907 HIGH
8.8 Aug 31

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary co

CVE-2024-49781 HIGH
7.1 Feb 20

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when

CVE-2024-49782 MEDIUM
6.8 Feb 20

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS sec

CVE-2024-35151 MEDIUM
6.5 Aug 22

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper a

CVE-2023-43039 MEDIUM
6.1 Jul 08

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary

CVE-2024-49337 MEDIUM
5.4 Feb 20

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of us

CVE-2024-49355 MEDIUM
5.3 Feb 20

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enab

CVE-2024-49780 MEDIUM
5.3 Feb 20

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system.

CVE-2024-49783 MEDIUM
5.3 Jul 08

CVE-2024-49783 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management proce

CVE-2025-27367 MEDIUM
5.3 Jul 08

A security vulnerability in IBM OpenPages with Watson 8.3 and 9.0 (CVSS 5.3). Remediation should follow standard vulnera

CVE-2024-49784 MEDIUM
5.3 Jul 08

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AE

CVE-2024-35117 MEDIUM
4.4 Dec 11

IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the syste

Share

CVE-2025-27369 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy