Input Validation Flaw in IBM OpenPages with Watson Affects User Data Integrity
CVE-2025-27367

5.3MEDIUM

Key Information:

Vendor

IBM

Vendor
CVE Published:
8 July 2025

What is CVE-2025-27367?

IBM OpenPages with Watson versions 8.3 and 9.0 contain an improper input validation vulnerability that allows an authenticated user to bypass client-side validation. This issue arises when the application fails to enforce required data fields for Governance, Risk Management, and Compliance (GRC) objects. Malicious actors can exploit this flaw by sending specially crafted payloads to the server, enabling them to save data without fulfilling the required field constraints, potentially leading to data integrity issues.

Affected Version(s)

OpenPages with Watson 8.3, 9.0

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-27367 : Input Validation Flaw in IBM OpenPages with Watson Affects User Data Integrity