PT-2024-26338 · Ibm · Ibm Openpages With Watson
0Xhassan
+1
·
Published
2024-08-22
·
Updated
2024-08-23
·
CVE-2024-35151
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM OpenPages with Watson versions 8.3 through 9.0
Description
The issue allows authenticated users to access sensitive information due to improper authorization controls on APIs.
Recommendations
For versions 8.3 and 9.0, consider restricting access to sensitive APIs until a patch is available.
As a temporary workaround, review and tighten authorization controls on APIs to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ibm Openpages With Watson