PT-2025-28657 · Ibm · Ibm Openpages With Watson
Published
2025-07-08
·
Updated
2025-07-09
·
CVE-2025-27369
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
IBM OpenPages with Watson versions 8.3 through 9.0
Description:
The issue concerns information disclosure of sensitive information due to weaker than expected security for certain REST endpoints used for administration. An authenticated user can obtain information about system configuration and internal state intended only for system administrators.
Recommendations:
For IBM OpenPages with Watson versions 8.3 through 9.0, consider restricting access to the affected REST endpoints to minimize the risk of exploitation. As a temporary workaround, limit the privileges of authenticated users to prevent them from accessing sensitive system configuration and internal state information.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Openpages With Watson