
Summary Security fixes for a set of APIs that allowed unprivileged users to access sensitive information have been included in the latest IBM OpenPages fix packs for both versions 9.0 and 8.3. Vulnerability Details CVEID:CVE-2025-1112 DESCRIPTION: IBM OpenPages with Watson could allow an authenticated user to obtain sensitive information that should only be available to privileged users. CWE:CWE-282: Improper Ownership Management CVSS Source: IBM CVSS Base score: 4.3 CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM OpenPages | 9.0 IBM OpenPages with Watson| IBM OpenPages with Watson 8.3 Remediation/Fixes A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product | Remediation —|— For IBM OpenPages 9.0 – Apply 9.0 FixPack 5 (9.0.0.5) or later – Then Apply 9.0.0.5 Interim Fix 3 (9.0.0.5.3) | Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.3 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-3 For IBM OpenPages 8.3 – Apply 8.3 FixPack 3 (8.3.0.3) – Then Apply 8.3.0.3 Interim Fix 2 (8.3.0.3.2) | Download URL for 8.3.0.3 https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-3 Download URL for 8.3.0.3.2…Read More
References
Back to Main