PT-2024-10414 · IBM · IBM OpenPages with Watson

Anjana Rajan · Published 2024-10-04 · Updated 2025-01-27 · CVE-2024-37527

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IBM OpenPages with Watson versions 8.3 through 9.0

Description

The web interface of IBM OpenPages and IBM OpenPages with Watson takes insufficient measures to protect the web page structure. This allows a remote attacker to conduct cross-site scripting (XSS) attacks, potentially gaining unauthorized access to protected information. An authenticated user can embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session.

Recommendations

For IBM OpenPages with Watson versions 8.3 and 9.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-00942
CVE-2024-37527

Affected Products

IBM OpenPages with Watson