CVE-2024-35151

6.5 MEDIUM

📋 TL;DR

IBM OpenPages with Watson versions 8.3 and 9.0 contain an improper authorization vulnerability in APIs that allows authenticated users to access sensitive information they shouldn't have permission to view. This affects organizations using these specific versions of IBM's governance, risk, and compliance software.

💻 Affected Systems

Products:
  • IBM OpenPages with Watson
Versions: 8.3 and 9.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the OpenPages application; all deployments of affected versions are vulnerable unless patched.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Authenticated attackers could access confidential business data, compliance information, audit trails, or sensitive configuration details, potentially leading to data breaches, regulatory violations, or further system compromise.

🟠 Likely Case

Privilege escalation where users with limited permissions access data intended for administrators or other privileged roles, compromising data confidentiality and violating access controls.

🟢 If Mitigated

With proper network segmentation and strict access controls, impact is limited to authorized users within the application boundary, though data confidentiality within the application remains at risk.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but appears straightforward once authenticated; no public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply interim fix or upgrade as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7165959

Restart Required: Yes

Instructions:

1. Review IBM advisory at provided URL
2. Download and apply the interim fix for your version
3. Restart OpenPages services
4. Verify the fix by testing authorization controls

🔧 Temporary Workarounds

Restrict API Access (all)

Implement network-level restrictions to limit which users can access OpenPages APIs

Enhanced Monitoring (all)

Increase logging and monitoring of API access patterns for suspicious activity

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate OpenPages from non-essential users
  • Enforce principle of least privilege and regularly audit user permissions

🔍 How to Verify

Check if Vulnerable:

Check OpenPages version via administrative interface or configuration files; versions 8.3.x or 9.0.x are vulnerable

Check Version:

Check OpenPages version in administrative console or configuration files

Verify Fix Applied:

After applying patch, test API authorization controls with test accounts having different permission levels
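One way to carry out that post-patch check systematically is an authorization matrix: list each (test role, API endpoint) pair with the outcome your role design requires, probe every pair as that account, and report any mismatch. The script below is an added example, not code from the advisory or from IBM; the endpoint paths, role names and the simulated server are placeholders, and `make_simulated_probe` stands in for a function that would perform a real request as the given test account and return the HTTP status.

```python
"""Authorization-matrix check for verifying an access-control fix.

Added example, not from the IBM advisory. Assumptions: the endpoint paths
and role names are placeholders; replace `make_simulated_probe` with a
function that calls the real API as each test account and returns the
HTTP status code.
"""
from typing import Callable, Dict, List, Tuple

# Expected outcome per (role, endpoint): True = allowed, False = must be denied.
# Constructed matrix; derive the real one from your OpenPages role design.
EXPECTED: Dict[Tuple[str, str], bool] = {
    ("admin", "/api/placeholder/admin-report"): True,
    ("admin", "/api/placeholder/my-tasks"): True,
    ("standard_user", "/api/placeholder/admin-report"): False,
    ("standard_user", "/api/placeholder/my-tasks"): True,
}

Probe = Callable[[str, str], int]  # (role, endpoint) -> HTTP status code


def check_authorization_matrix(probe: Probe, expected=EXPECTED) -> List[str]:
    """Return one violation string per (role, endpoint) whose observed result
    disagrees with the expected outcome; an empty list means the matrix holds."""
    violations = []
    for (role, endpoint), allowed in sorted(expected.items()):
        status = probe(role, endpoint)
        observed_allowed = 200 <= status < 300
        if observed_allowed != allowed:
            want = "allow" if allowed else "deny"
            violations.append(f"{role} {endpoint}: expected {want}, got HTTP {status}")
    return violations


# Constructed stand-in for the server (placeholder behaviour, not OpenPages).
ADMIN_ONLY = {"/api/placeholder/admin-report"}


def make_simulated_probe(enforces_roles: bool) -> Probe:
    """With enforces_roles=False every authenticated caller gets 200 (the
    improper-authorization case); with True, admin-only paths return 403
    to non-admin roles (the fixed case)."""
    def probe(role: str, endpoint: str) -> int:
        if enforces_roles and endpoint in ADMIN_ONLY and role != "admin":
            return 403
        return 200
    return probe


if __name__ == "__main__":
    for label, fixed in (("unpatched", False), ("patched", True)):
        result = check_authorization_matrix(make_simulated_probe(fixed))
        print(f"{label}: {result or 'matrix holds'}")
```

Run the matrix against the patched deployment with real test accounts; the fix is only verified when the list of violations is empty and every deny row actually returned a 4xx rather than a redirect or a 200 with empty content.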

📡 Detection & Monitoring

Log Indicators:

  • Unusual API access patterns
  • Users accessing endpoints beyond their role permissions
  • Failed authorization attempts followed by successful access

Network Indicators:

  • Excessive API calls from single authenticated user
  • Access to sensitive API endpoints from non-privileged accounts

SIEM Query:

source="openpages" AND (event_type="api_access" AND user_role!="admin" AND endpoint="sensitive_endpoint")
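The SIEM query above uses placeholder field names, and a single filter only catches one of the indicators listed. The script below, an added example that is not part of the advisory, implements all three log indicators and the excessive-call network indicator over a small constructed log; the line format, field names, endpoint paths, roles and thresholds are assumptions to be mapped onto the fields your OpenPages audit logs or SIEM actually carry.

```python
"""Detection logic for the access-pattern indicators above.

Added example, not from the IBM advisory. The log line format, the
endpoint paths, the role names and the thresholds are all constructed
placeholders; map them to your real log fields and role design.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Sensitive endpoints and the roles permitted to read them (constructed policy).
SENSITIVE_ENDPOINTS: Dict[str, Set[str]] = {
    "/api/placeholder/audit-trail": {"admin", "auditor"},
    "/api/placeholder/admin-config": {"admin"},
}
RATE_LIMIT = 5                              # more calls than this per user ...
RATE_WINDOW = timedelta(seconds=60)         # ... within this window -> alert
DENY_THEN_ALLOW_WINDOW = timedelta(minutes=5)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"endpoint=(?P<endpoint>\S+) status=(?P<status>\d{3})$"
)


def parse_line(line: str) -> dict:
    """Parse one constructed-format log line into a record dict."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["status"] = int(rec["status"])
    return rec


def detect(lines: List[str]) -> List[str]:
    """Return alert strings for role violations, deny-then-allow sequences
    and excessive call rates, in the order they are observed."""
    alerts: List[str] = []
    recent_calls = defaultdict(deque)   # user -> timestamps inside RATE_WINDOW
    last_denied: Dict[tuple, datetime] = {}   # (user, endpoint) -> last 403 time
    rate_alerted: Set[str] = set()
    for rec in map(parse_line, lines):
        user, role, ep = rec["user"], rec["role"], rec["endpoint"]
        st, ts = rec["status"], rec["ts"]
        # 1. Successful read of a sensitive endpoint by a role not permitted to see it
        if st == 200 and ep in SENSITIVE_ENDPOINTS and role not in SENSITIVE_ENDPOINTS[ep]:
            alerts.append(f"ROLE_VIOLATION {user} ({role}) read {ep} at {ts:%H:%M:%S}")
        # 2. Authorization failure followed by success on the same endpoint
        key = (user, ep)
        if st == 403:
            last_denied[key] = ts
        elif st == 200 and key in last_denied and ts - last_denied[key] <= DENY_THEN_ALLOW_WINDOW:
            alerts.append(f"DENY_THEN_ALLOW {user} on {ep} at {ts:%H:%M:%S}")
            del last_denied[key]
        # 3. Excessive API calls from a single authenticated user (sliding window)
        q = recent_calls[user]
        q.append(ts)
        while q and ts - q[0] > RATE_WINDOW:
            q.popleft()
        if len(q) > RATE_LIMIT and user not in rate_alerted:
            alerts.append(f"HIGH_RATE {user}: {len(q)} calls within {RATE_WINDOW.seconds}s")
            rate_alerted.add(user)
    return alerts


# Constructed sample log: alice is denied then allowed on audit-trail,
# carol reads admin-config without the admin role, dave bursts six calls.
SAMPLE_LOG = [
    "2024-06-01T10:00:00Z user=alice role=standard_user endpoint=/api/placeholder/my-tasks status=200",
    "2024-06-01T10:00:05Z user=alice role=standard_user endpoint=/api/placeholder/audit-trail status=403",
    "2024-06-01T10:00:09Z user=alice role=standard_user endpoint=/api/placeholder/audit-trail status=200",
    "2024-06-01T10:00:20Z user=bob role=auditor endpoint=/api/placeholder/audit-trail status=200",
    "2024-06-01T10:01:00Z user=carol role=standard_user endpoint=/api/placeholder/admin-config status=200",
] + [
    f"2024-06-01T10:02:{i:02d}Z user=dave role=standard_user endpoint=/api/placeholder/my-tasks status=200"
    for i in range(6)
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Indicator 1 is the one that matters most for this CVE: a 200 on a sensitive endpoint for a role that should not have it is direct evidence of the improper authorization being exercised, whereas the deny-then-allow and rate indicators are weaker signals that warrant review rather than an automatic verdict.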

🔗 References
