CVE-2024-49780

IBM OpenPages with Watson 8.3 and 9.0IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
ibmCNA
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
ibmopenpages_with_watson
8.3 ≤
𝑥
< 8.3.0.3
ibmopenpages_with_watson
9.0 ≤
𝑥
< 9.0.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7183541