Summary

IBM OpenPages may write sensitive data to server log files when the 'UI API' tracing is enabled per the System Tracing feature.

Vulnerability Details

CVEID: CVE-2024-35117
DESCRIPTION: IBM OpenPages may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290340 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM OpenPages | 9.0

Remediation/Fixes

In IBM OpenPages 9.0, enabling additional user interface tracing could potentially write sensitive data to debug log files when an administrator performs a password reset on a user whose passwords are managed by OpenPages native authentication.

Fixes and installation instructions are provided at the URLs listed below:

Product | Remediation
---|---
For IBM OpenPages with Watson 9.0: apply 9.0 FixPack 2 (9.0.0.2), then apply 9.0.0.2 Interim Fix 2 (9.0.0.2.2) or later; or apply 9.0 FixPack 3 (9.0.0.3) | Download URL for 9.0.0.2: https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-2 ; Download URL for 9.0.0.2.2: https://www.ibm.com/support/pages/ibm-openpages-9002-interim-fix-2 ; Download URL for 9.0.0.3: https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-3

For IBM OpenPages v8.0/8.1/8.2 customers, IBM…