CVE-2024-49355 — Improper Output Neutralization for Logs in IBM Openpages With Watson

CWE-117 — Improper Output Neutralization for Logs CWE-116 — Improper Encoding or Escaping of Output3 documents3 sources

Severity

6.5MEDIUMNVD

CNA5.3

EPSS

0.2%

top 61.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Openpages With Watson

Timeline

PublishedFeb 20

Description

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/openpages_with_watson8.3 — 8.3.0.3+1

▶CVEListV5ibm/openpages_with_watson8.3, 9.0+1

🔴Vulnerability Details

GHSA

GHSA-7m8c-9m95-h39f: IBM OpenPages with Watson 8↗2025-02-20

▶

CVEList

IBM OpenPages log manipulation↗2025-02-20

▶