PT-2025-46693 · Ibm · Ibm Openpages
Published
2025-11-11
·
Updated
2025-11-18
·
CVE-2025-27368
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM OpenPages versions 9.0 through 9.1
Description
IBM OpenPages versions 9.0 and 9.1 have a security issue that could lead to the disclosure of sensitive information. This is due to insufficient security measures on certain REST API endpoints used by the OpenPages user interface. An authenticated user may be able to access system metadata beyond their authorized viewing permissions. The vulnerable API endpoints allow access to information that should be restricted.
Recommendations
Apply any available updates or configuration changes to strengthen the security of the affected REST API endpoints.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Openpages