Vulnerability Details CVE-2024-49780
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.2%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2024-49780
-
cpe:2.3:a:ibm:openpages_with_watson:*
-
cpe:2.3:a:ibm:openpages_with_watson:9.0
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-