CVE-2024-49344

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7183541	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:openpages_with_watson::::::::
	cpe:2.3:a:ibm:openpages_with_watson::::::::

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

11 Mar 2025, 14:02

Type	Values Removed	Values Added
Summary		(es) La función de chat del asistente de IBM OpenPages con Watson habilita la aplicación para establecer una sesión cuando un usuario inicia sesión y usa el chat, pero la sesión de chat permanece activa después de cerrar la sesión.
First Time		Ibm openpages With Watson Ibm Microsoft windows Linux Linux linux Kernel Microsoft
CPE		cpe:2.3:a:ibm:openpages_with_watson:::::::: cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::*
References	~~() https://www.ibm.com/support/pages/node/7183541 -~~	() https://www.ibm.com/support/pages/node/7183541 - Vendor Advisory

20 Feb 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-20 12:15

Updated : 2025-03-11 14:02

NVD link : CVE-2024-49344

Mitre link : CVE-2024-49344

CVE.ORG link : CVE-2024-49344

JSON object : View

Products Affected

ibm

openpages_with_watson

linux

linux_kernel

microsoft

windows

CWE

CWE-384

Session Fixation

{"id": "CVE-2024-49344", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-02-20T12:15:10.377", "references": [{"url": "https://www.ibm.com/support/pages/node/7183541", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages \n\n\n\nwith Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout."}, {"lang": "es", "value": "La funci\u00f3n de chat del asistente de IBM OpenPages con Watson habilita la aplicaci\u00f3n para establecer una sesi\u00f3n cuando un usuario inicia sesi\u00f3n y usa el chat, pero la sesi\u00f3n de chat permanece activa despu\u00e9s de cerrar la sesi\u00f3n."}], "lastModified": "2025-03-11T14:02:39.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F71A33D-AF4E-4480-A4C2-2C73DBA1B967", "versionEndExcluding": "8.3.0.3", "versionStartIncluding": "8.3"}, {"criteria": "cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C36C16B7-9740-4060-BCF4-3270CE3176B1", "versionEndExcluding": "9.0.0.5", "versionStartIncluding": "9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}