CVE-2024-35151

MEDIUM

IBM OpenPages with Watson 8.3 and 9.0 - Authenticated Sensitive Information Exposure via API Authorization Bypass

Title source: llm

Description

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://www.ibm.com/support/pages/node/7165959

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/292638

Scores

CVSS v3 6.5

EPSS 0.0013

EPSS Percentile 31.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-306 CWE-288

Status published

Products (2)

ibm/openpages_grc_platform 8.3

ibm/openpages_with_watson 9.0

Published Aug 22, 2024

Tracked Since Feb 18, 2026