Primary

Context

IBM OpenPages with Watson Improper Output Neutralization in Logs Vulnerability

Vulnerability

Patched

A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0, where the application may write improperly neutralized data to server log files. This issue arises when the System Tracing feature is enabled, potentially leading to log injection vulnerabilities.

Impact

Exploitation of this vulnerability could result in log injection, where an attacker could manipulate log files to include misleading or harmful information.

Remediation

Users of IBM OpenPages 9.0 should upgrade to version 9.0 FixPack 5 or later. Users of IBM OpenPages 8.3 should upgrade to version 8.3 FixPack 3, followed by 8.3.03 Interim Fix 1. Instructions for downloading these versions are available on the IBM Support website.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.6

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.6

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM OpenPages with Watson Improper Output Neutralization in Logs Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM OpenPages

IBM OpenPages with Watson

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating