CVE-2024-49782

Summary

IBM OpenPages with Watson 8.3 and 9.0 

could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.

Affected Software

VendorProductVersion RangeStatus
IBMOpenPages with Watson8.3affected
IBMOpenPages with Watson9.0affected

Weaknesses

  • CWE-297: CWE-297 Improper Validation of Certificate with Host Mismatch

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References