- Description
- IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.
- Source
- psirt@us.ibm.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 3.6
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
- psirt@us.ibm.com
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
🚨 #CVE-2024-49780 - #IBM OpenPages with Watson https://t.co/81oq8XnmCB
@UndercodeUpdate
26 Feb 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-49780 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Impo… https://t.co/dgAuOU6mtS
@CVEnew
20 Feb 2025
433 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes