PT-2025-7432 · Ibm · Ibm Openpages With Watson

Published

2025-02-19

Updated

2025-03-11

CVE-2024-49782

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions IBM OpenPages with Watson versions 8.3 through 9.0

Description The issue allows a remote attacker to spoof the mail server identity when using SSL/TLS security. This could be exploited to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.

Recommendations For versions 8.3 and 9.0, consider disabling SSL/TLS security for mail server connections until a patch is available. Restrict access to email notifications generated by OpenPages to minimize the risk of exploitation. Avoid using sensitive information in email notifications until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-297CWE-295

Related Identifiers

BDU:2025-06814

CVE-2024-49782

Affected Products

Ibm Openpages With Watson

PT-2025-7432 · Ibm · Ibm Openpages With Watson

CVE-2024-49782

Weakness Enumeration

Related Identifiers

Affected Products

References · 8