CVE-2024-49780

CWE-22Path Traversal3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 56.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Openpages With Watson
Timeline
PublishedFeb 20

Description

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

NVDibm/openpages_with_watson8.38.3.0.3+1
CVEListV5ibm/openpages_with_watson8.3, 9.0+1

🔴Vulnerability Details

2
CVEList
IBM OpenPages path traversal2025-02-20
GHSA
GHSA-qj8v-rq4h-7fwh: IBM OpenPages with Watson 82025-02-20
CVE-2024-49780 (MEDIUM CVSS 6.5) | IBM OpenPages with Watson 8.3 and 9 | cvebase.io