Data Logging Vulnerability in IBM OpenPages with Watson
CVE-2024-49355

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Openpages With Watson
Vendor: CVE Published:; 20 February 2025

Summary

A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0 that may allow improperly neutralized data to be written to server log files when the tracing feature is enabled. This issue could potentially expose sensitive information if exploited. Users are advised to disable the tracing setting and monitor for any suspicious log activity.

Affected Version(s)

OpenPages with Watson 8.3, 9.0

References

https://www.ibm.com/support/pages/node/7183541

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Oct 14, 2024