IBM OpenPages with Watson Sensitive Information Disclosure Vulnerability

A vulnerability in IBM OpenPages with Watson versions 8.3 and 9.0 allows authenticated users to access sensitive information intended only for privileged users. This issue arises from improper management of API permissions, enabling unprivileged users to retrieve confidential data.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, potentially causing a breach of confidentiality by allowing unprivileged users to view data meant for privileged users.

Remediation

Users of IBM OpenPages 9.0 should upgrade to version 9.0 FixPack 5 or later, and then apply 9.0.0.5 Interim Fix 3. Users of IBM OpenPages 8.3 should upgrade to version 8.3 FixPack 3, and then apply 8.3.0.3 Interim Fix 2. Instructions for downloading these updates are available on the IBM Support website. Customers using versions 8.0, 8.1, or 8.2 are advised to upgrade to a fixed version of 8.3 or 9.0.