CVE-2023-40683

Name of the Vulnerable Software and Affected Versions IBM OpenPages with Watson versions 8.3 through 9.0

Description The issue is caused by insufficient authorization checks, allowing a remote attacker to bypass security restrictions. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this to bypass security and gain unauthorized administrative access to the application.

Recommendations For versions 8.3 and 9.0, consider disabling non-public API access until a patch is available. Restrict access to administrative functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.