漏洞关键信息 漏洞概要 CVEID: CVE-2025-27368 描述: IBM OpenPages 应用程序API存在漏洞,由于对IBM OpenPages中可配置字段的元数据进行不足的访问控制检查,导致敏感信息泄露。 受影响的产品和版本 漏洞详情 CVEID: CVE-2025-27368 CWE: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere CVSS Base Score: 4.3 缓解/修复措施 For IBM OpenPages 9.1.1: - Download URL for 9.1.1: http://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage For IBM OpenPages 9.0: - Apply 9.0 FixPack 5 (9.0.0.5) - Then Apply 9.0.0.5 Interim Fix 7 (9.0.0.5.7) - Download URL for 9.0.0.5: https://www.ibm.com/support/pages/ibm-openpages-90-fixpack-5 - Download URL for 9.0.0.5.7: https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 临时解决方案和缓解措施 无