CVE-2024-49783

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability to use additional cryptographic methods to possibly extract the encrypted data.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7239145	Vendor Advisory Patch

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:openpages_with_watson::::::::
	cpe:2.3:a:ibm:openpages_with_watson::::::::

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

14 Jul 2025, 17:56

Type	Values Removed	Values Added
References	~~() https://www.ibm.com/support/pages/node/7239145 -~~	() https://www.ibm.com/support/pages/node/7239145 - Vendor Advisory, Patch
CPE		cpe:2.3:a:ibm:openpages_with_watson:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
First Time		Microsoft Linux Ibm Microsoft windows Ibm openpages With Watson Linux linux Kernel

10 Jul 2025, 13:18

Type	Values Removed	Values Added
Summary		(es) IBM OpenPages con Watson 8.3 y 9.0 podría ofrecer una seguridad más débil de lo esperado en el almacenamiento de datos cifrados. Si un atacante remoto autenticado con acceso a la base de datos o un atacante local con acceso a los archivos del servidor pudiera extraer los datos cifrados, podría aprovechar esta vulnerabilidad para usar métodos criptográficos adicionales y, posiblemente, extraerlos.

08 Jul 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 19:15

Updated : 2025-07-14 17:56

NVD link : CVE-2024-49783

Mitre link : CVE-2024-49783

CVE.ORG link : CVE-2024-49783

JSON object : View

Products Affected

linux

linux_kernel

microsoft

windows

ibm

openpages_with_watson

CWE

CWE-329

Not Using an Unpredictable IV with CBC Mode

{"id": "CVE-2024-49783", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-07-08T19:15:38.813", "references": [{"url": "https://www.ibm.com/support/pages/node/7239145", "tags": ["Vendor Advisory", "Patch"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-329"}]}], "descriptions": [{"lang": "en", "value": "IBM OpenPages with Watson 8.3 and 9.0 \n\n\n\ncould provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability to use additional cryptographic methods to possibly extract the encrypted data."}, {"lang": "es", "value": "IBM OpenPages con Watson 8.3 y 9.0 podr\u00eda ofrecer una seguridad m\u00e1s d\u00e9bil de lo esperado en el almacenamiento de datos cifrados. Si un atacante remoto autenticado con acceso a la base de datos o un atacante local con acceso a los archivos del servidor pudiera extraer los datos cifrados, podr\u00eda aprovechar esta vulnerabilidad para usar m\u00e9todos criptogr\u00e1ficos adicionales y, posiblemente, extraerlos."}], "lastModified": "2025-07-14T17:56:36.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F259B3A-B463-4D3E-9C1E-69C83031B998", "versionEndExcluding": "8.3.0.3.1", "versionStartIncluding": "8.3"}, {"criteria": "cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C36C16B7-9740-4060-BCF4-3270CE3176B1", "versionEndExcluding": "9.0.0.5", "versionStartIncluding": "9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}