IBM OpenPages with Watson information disclosure
CVE-2023-38738

8.1HIGH

Key Information:

Vendor: IBM
Status: OpenPages with Watson
Vendor: CVE Published:; 19 January 2024

What is CVE-2023-38738?

A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0 that could compromise security when using Native authentication. An attacker with access to the OpenPages database could exploit this weakness through a series of crafted actions. This could lead to unauthorized access to other accounts within the OpenPages environment, highlighting a potential risk for organizations relying on this authentication method.

Affected Version(s)

OpenPages with Watson 8.3, 9.0

References

https://www.ibm.com/support/pages/node/7107775

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/262594

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 19, 2024
Vulnerability Reserved
Jul 25, 2023