CVE-2024-49784

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0

Description: The issue concerns the storage of encrypted data using AES encryption and CBC mode, which could provide weaker than expected security. An authenticated remote attacker with access to the database or a local attacker with access to server files could exploit this weakness to extract the encrypted data values and possibly use additional cryptographic methods to extract the encrypted data.

Recommendations: For IBM OpenPages with Watson versions 8.3 through 9.0, consider updating the encryption method to a stronger algorithm to mitigate the risk of exploitation. As a temporary workaround, restrict access to the encrypted data and server files to minimize the risk of unauthorized access.