Data Logging Vulnerability in IBM OpenPages with Watson
CVE-2024-49355

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Openpages With Watson
Vendor: CVE Published:; 20 February 2025

What is CVE-2024-49355?

A vulnerability exists in IBM OpenPages with Watson versions 8.3 and 9.0 that may allow improperly neutralized data to be written to server log files when the tracing feature is enabled. This issue could potentially expose sensitive information if exploited. Users are advised to disable the tracing setting and monitor for any suspicious log activity.

Affected Version(s)

OpenPages with Watson 8.3, 9.0

References

https://www.ibm.com/support/pages/node/7183541

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Oct 14, 2024