CVE-2024-49780 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-49780

Analyzed

More Info Official Page

Source-psirt@us.ibm.com

Published At-20 Feb, 2025 | 04:15

Updated At-11 Mar, 2025 | 14:37

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CPE Matches

IBM Corporation

>>openpages_with_watson>>Versions from 8.3(inclusive) to 8.3.0.3(exclusive)

cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*

IBM Corporation

>>openpages_with_watson>>Versions from 9.0(inclusive) to 9.0.0.5(exclusive)

cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>-

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Secondary	psirt@us.ibm.com

CWE ID: CWE-22

Type: Secondary

Source: psirt@us.ibm.com

References

Hyperlink	Source	Resource
https://www.ibm.com/support/pages/node/7183541	psirt@us.ibm.com	Vendor Advisory

Hyperlink: https://www.ibm.com/support/pages/node/7183541

Source: psirt@us.ibm.com

Resource:

Vendor Advisory