CVE-2024-49344

CWE-3843 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 76.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Openpages With Watson
Timeline
PublishedFeb 20

Description

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDibm/openpages_with_watson8.38.3.0.3+1
CVEListV5ibm/openpages_with_watson8.3, 9.0+1

🔴Vulnerability Details

2
GHSA
GHSA-f6r9-68xj-457v: IBM OpenPages with Watson 82025-02-20
CVEList
IBM OpenPages session fixation2025-02-20
CVE-2024-49344 (MEDIUM CVSS 4.3) | IBM OpenPages with Watson 8.3 and 9 | cvebase.io