Primary

Context

IBM OpenPages with Watson Improper Input Validation Vulnerability Allowing Bypassing of Required Fields

Vulnerability

Patched

A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0, where improper input validation allows authenticated users to bypass client-side checks on data types and required fields for Governance, Risk, and Compliance (GRC) Objects. By sending a specially crafted payload to the server, it is possible to save data without including the mandatory fields.

Impact

Exploitation of this vulnerability could lead to the improper saving of data, allowing required fields to be omitted, which could disrupt data integrity within the application.

Remediation

Users of IBM OpenPages 9.0 should upgrade to version 9.0.0.5 and then apply Interim Fix 3. Users of IBM OpenPages 8.3 should upgrade to version 8.3.0.3 and then apply Interim Fix 2. Instructions for downloading these versions are available on the IBM Support website.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.6

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.6

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM OpenPages with Watson Improper Input Validation Vulnerability Allowing Bypassing of Required Fields

Vulnerability

Impact

Remediation

Affected Products

IBM OpenPages

IBM OpenPages with Watson

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating