Primary

Context

IBM OpenPages XML External Entity Injection Vulnerability

Vulnerability

Patched

A vulnerability allowing XML external entity (XXE) injection has been identified in IBM OpenPages with Watson versions 8.3 and 9.0. This vulnerability arises when the application processes XML data, potentially allowing remote attackers to access sensitive information or exhaust memory resources.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information or cause memory exhaustion on the affected system.

Remediation

Users of IBM OpenPages 9.0 should upgrade to version 9.0 FixPack 5 or later. Users of IBM OpenPages 8.3 should upgrade to version 8.3 FixPack 3, followed by 8.3.03 Interim Fix 1. Instructions for downloading these updates are available on the IBM Support website.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

3.1

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

3.1

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM OpenPages XML External Entity Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM OpenPages

IBM OpenPages with Watson

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating