IBM OpenPages with Watson
cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*
- 8.3
A cross-site request forgery (CSRF) vulnerability has been identified in IBM OpenPages with Watson versions 8.3 and 9.0. The application improperly validates and manages authentication cookies, which allows remote attackers to bypass security restrictions. Attackers could exploit this issue by modifying the CSRF token and Session Id cookie parameters, using the cookies of another user, to gain unauthorized access to the application.
Exploitation of this vulnerability could lead to unauthorized access to the application, allowing attackers to bypass security restrictions and potentially manipulate data or perform actions on behalf of the affected user.
Users of IBM OpenPages 9.0 should upgrade to version 9.0 FixPack 5 or later. Users of IBM OpenPages 8.3 should upgrade to version 8.3 FixPack 3, followed by 8.3.03 Interim Fix 1. Instructions for downloading these versions are available on the IBM Support website.
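The weakness described above is a CSRF token and session identifier that the server does not check against each other. The following added example (not IBM code and not taken from this advisory) shows one common server-side control for that class of flaw: a CSRF token bound to the session with an HMAC, so a token issued to one user is rejected when presented with another user's session. All function names, the key handling and the sample sessions are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real deployment loads this from protected configuration.
SERVER_KEY = secrets.token_bytes(32)


def new_session_id() -> str:
    """Return an unpredictable session identifier."""
    return secrets.token_urlsafe(32)


def bind_mac(session_id: str, nonce: str, key: bytes) -> str:
    """HMAC over session id and nonce: ties the token to exactly one session."""
    return hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Issue a token of the form nonce.mac for this session only."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{bind_mac(session_id, nonce, key)}"


def csrf_token_valid(session_id: str, token: str, key: bytes = SERVER_KEY) -> bool:
    """True only if the token was issued for the session presenting it."""
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False  # missing or malformed token
    expected = bind_mac(session_id, nonce, key)
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_state_change(sessions: dict, session_cookie: str, csrf_token: str) -> str:
    """Accept a state-changing request only for a known session with its own token."""
    user = sessions.get(session_cookie)
    if user is None:
        return "401 unknown session"
    if not csrf_token_valid(session_cookie, csrf_token):
        return "403 CSRF token not bound to this session"
    return f"200 action performed as {user}"
```

This check does not replace protecting the session cookie itself; it only ensures that a token and a session from different users cannot be combined.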