CVE-2024-49779

Summary

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages

could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application.

Affected Software

VendorProductVersion RangeStatus
IBMOpenPages with Watson8.3affected
IBMOpenPages with Watson9.0affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References