Directory Traversal Vulnerability in IBM OpenPages by IBM
CVE-2024-49780

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Openpages With Watson
Vendor: CVE Published:; 20 February 2025

What is CVE-2024-49780?

The vulnerability in IBM OpenPages permits remote attackers with specific privileges to exploit the Import Configuration feature. By sending a crafted HTTP request containing 'dot dot' sequences ('/../'), attackers can navigate the directory structure and write files to unauthorized locations. This could lead to the overwriting of arbitrary files, potentially compromising the integrity and security of the system.

Affected Version(s)

OpenPages with Watson 8.3, 9.0

References

https://www.ibm.com/support/pages/node/7183541

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Oct 20, 2024