IBM OpenPages 8.3/9.0 Log Injection via Tracing
CVE-2024-49355 Published on February 20, 2025
IBM OpenPages log manipulation
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature.
Vulnerability Analysis
CVE-2024-49355 can be exploited with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
Improper Output Neutralization for Logs
The software does not neutralize or incorrectly neutralizes output that is written to logs.
Products Associated with CVE-2024-49355
Want to know whenever a new CVE is published for IBM Openpages With Watson? stack.watch will email you.
Affected Versions
IBM OpenPages with Watson:- Version 8.3 is affected.
- Version 9.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.