CVE-2024-49780
published 2025-02-20CVE-2024-49780: IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | openpages_with_watson | — | — |
| ibm | openpages_with_watson | — | — |
| ibm | openpages_with_watson | >= 8.3 < 8.3.0.3 | 8.3.0.3 |
| ibm | openpages_with_watson | >= 9.0 < 9.0.0.5 | 9.0.0.5 |