8.2
CVE-2024-49782
- EPSS 0.21%
- Veröffentlicht 20.02.2025 04:15:10
- Zuletzt bearbeitet 11.03.2025 14:19:11
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM OpenPages improper certificate validation
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Openpages With Watson Version >= 8.3 < 8.3.0.3
Ibm ≫ Openpages With Watson Version >= 9.0 < 9.0.0.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.431 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
|
| psirt@us.ibm.com | 6.8 | 1.6 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CWE-297 Improper Validation of Certificate with Host Mismatch
The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.