CVE-2024-49779

Name of the Vulnerable Software and Affected Versions IBM OpenPages with Watson versions 8.3 through 9.0

Description The issue is caused by improper validation and management of authentication cookies, allowing a remote attacker to bypass security restrictions. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application.

Recommendations For IBM OpenPages with Watson versions 8.3 through 9.0, consider disabling the use of authentication cookies or restricting access to sensitive areas of the application until a patch is available. As a temporary workaround, avoid using the CSRF token and Session Id cookie parameters in authentication processes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.