IBM OpenPages with Watson Encryption Vulnerability Allowing Data Extraction

A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0, where the encryption of data using AES in CBC mode may be weaker than expected. This flaw could allow an authenticated remote attacker with database access, or a local attacker with access to server files, to extract encrypted data. Once extracted, the attacker could potentially use additional cryptographic techniques to retrieve the original data.

Impact

Exploitation of this vulnerability could lead to unauthorized extraction of encrypted data, with the possibility of decrypting it using additional cryptographic methods.

Remediation

Users of IBM OpenPages 9.0 should upgrade to version 9.0 FixPack 5 or later. Users of IBM OpenPages 8.3 should upgrade to version 8.3 FixPack 3, followed by 8.3.03 Interim Fix 1. Instructions for downloading these updates are available on the IBM Support website.