CVE-2024-49782 MEDIUM

CVE-2024-49782: IBM OpenPages improper certificate validation

Vendor Ibm
Product OpenPages with Watson
Weakness CWE-297
Published February 20, 2025
Last update August 15, 2025

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

IBM OpenPages with Watson 8.3 and 9.0  could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.

Key dates

02Disclosure timeline

February 20, 2025 CVE published
August 15, 2025 Record updated