CVE-2024-49779

EPSS 0.04%
Veröffentlicht 20.02.2025 12:15:10
Zuletzt bearbeitet 11.03.2025 13:55:21
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM OpenPages cross-site request forgery

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages 

could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Openpages With Watson Version >= 8.3 < 8.3.0.3

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Openpages With Watson Version >= 9.0 < 9.0.0.5

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.135

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
psirt@us.ibm.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://www.ibm.com/support/pages/node/7183541

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-49779

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-49779

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-49779

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-49779