CVE-2025-27367
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-14
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| ibm | openpages_with_watson | From 8.3 (inc) to 8.3.0.3.2 (exc) |
| ibm | openpages_with_watson | From 9.0 (inc) to 9.0.0.5.3 (exc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-602 | The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM OpenPages with Watson versions 8.3 and 9.0 involves improper input validation. Specifically, client-side validation for data types and required fields of GRC Objects can be bypassed by an authenticated user sending a specially crafted payload to the server. This allows data to be saved without including the required fields.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an authenticated user to save incomplete or improperly validated data in the system. This can lead to data integrity issues, potentially causing incorrect or incomplete information to be stored and used within the application.