XML External Entity Injection Vulnerability in IBM OpenPages by IBM
CVE-2024-49781

7.1HIGH

Key Information:

Vendor: IBM
Status: Openpages With Watson
Vendor: CVE Published:; 20 February 2025

Summary

IBM OpenPages versions 8.3 and 9.0 are susceptible to an XML External Entity (XXE) injection flaw. This vulnerability arises from the way the software processes XML data, enabling remote attackers to exploit the system. By leveraging this vulnerability, malicious users can potentially disclose sensitive information or exhaust system resources, posing significant risks to data integrity and application performance.

Affected Version(s)

OpenPages with Watson 8.3, 9.0

References

https://www.ibm.com/support/pages/node/7183541

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2025