CVE-2024-35151

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:openpages_grc_platform:8.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*

History

23 Aug 2024, 15:32

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/292638 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/292638 - VDB Entry
References () https://www.ibm.com/support/pages/node/7165959 - () https://www.ibm.com/support/pages/node/7165959 - Vendor Advisory
CPE cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:openpages_grc_platform:8.3:*:*:*:*:*:*:*
CWE CWE-306
First Time Ibm
Ibm openpages Grc Platform
Ibm openpages With Watson
Summary
  • (es) IBM OpenPages con Watson 8.3 y 9.0 podría permitir a los usuarios autenticados acceder a información confidencial a través de controles de autorización inadecuados en las API.

22 Aug 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-22 11:15

Updated : 2024-08-23 15:32


NVD link : CVE-2024-35151

Mitre link : CVE-2024-35151

CVE.ORG link : CVE-2024-35151


JSON object : View

Products Affected

ibm

  • openpages_with_watson
  • openpages_grc_platform
CWE
CWE-306

Missing Authentication for Critical Function

CWE-288

Authentication Bypass Using an Alternate Path or Channel