IBM OpenPages Flaw Exposed Authentication Credentials to Attackers

IBM recently disclosed multiple vulnerabilities in its OpenPages platform, a tool widely used for governance, risk, and compliance management.

These vulnerabilities, if exploited, could allow attackers to access sensitive information, disrupt critical processes, or compromise authentication credentials. Below are the details of the most critical issues identified.

Vulnerabilities Details:

CVE-2024-45613: Cross-Site Scripting (XSS) in CKEditor 5

• Description: This vulnerability arises from improper validation of user-supplied input in the clipboard package of CKEditor 5, integrated with IBM OpenPages. A remote attacker could exploit this flaw to inject malicious scripts into web pages. If executed in a victim’s browser, these scripts could steal cookie-based authentication credentials.
• CVSS Base Score: 7.2 (High).

CVE-2024-49782: Mail Server Spoofing

• Description: IBM OpenPages could allow a remote attacker to spoof the identity of a mail server when using SSL/TLS security. This vulnerability could expose sensitive information through email notifications or disrupt notification delivery.
• CVSS Base Score: 6.8 (Medium).

CVE-2024-49781: XML External Entity Injection (XXE)

• Description: IBM OpenPages is vulnerable to an XXE attack when processing XML data. A remote attacker could exploit this to extract sensitive information or cause memory resource exhaustion.
• CVSS Base Score: 7.1 (High).

Affected Products and Versions

The vulnerabilities affect the following versions:

• IBM OpenPages 9.0
• IBM OpenPages with Watson 8.3

Mitigation Recommendations

While no specific workarounds are available, organizations should:

• Regularly update their software to the latest versions.
• Monitor systems for unusual activity that might indicate exploitation attempts.
• Restrict access to sensitive systems and enforce strong authentication mechanisms.

The vulnerabilities in IBM OpenPages highlight the importance of robust security practices in enterprise software.

Organizations using affected versions must act promptly by applying the provided fixes to safeguard their systems against potential attacks.

Failure to address these issues could result in significant data breaches or operational disruptions.

Free Webinar: Better SOC with Interactive Malware Sandbox for Incident Response, and Threat Hunting - Register Here