CVE-2024-49780 MEDIUM

CVE-2024-49780: IBM OpenPages path traversal

Vendor IBM
Product OpenPages with Watson
Weakness CWE-22 · Path traversal
Published February 20, 2025
Last update August 15, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted HTTP request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.

Key dates

02 Disclosure timeline

February 20, 2025 CVE published
August 15, 2025 Record updated

Related vulnerabilities

04 Related CVE