CVE-2024-49781

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
7.1HIGH
EPSS
0.1%
top 80.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Openpages With Watson
Timeline
PublishedFeb 20

Description

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

NVDibm/openpages_with_watson8.38.3.0.3+1
CVEListV5ibm/openpages_with_watson8.3, 9.0+1

🔴Vulnerability Details

2
GHSA
GHSA-8vgf-c76r-fp2x: IBM OpenPages with Watson 82025-02-20
CVEList
IBM OpenPages XML external entity injection2025-02-20
CVE-2024-49781 (HIGH CVSS 7.1) | IBM OpenPages with Watson 8.3 and 9 | cvebase.io