CVE-2024-49344

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

I

BM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.

References

Link	Resource
https://www.ibm.com/support/pages/node/7183541	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:openpages_with_watson::::::::
	cpe:2.3:a:ibm:openpages_with_watson::::::::

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

11 Mar 2025, 14:02

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:openpages_with_watson:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
References	~~() https://www.ibm.com/support/pages/node/7183541 -~~	() https://www.ibm.com/support/pages/node/7183541 - Vendor Advisory
Summary		(es) La función de chat del asistente de IBM OpenPages con Watson habilita la aplicación para establecer una sesión cuando un usuario inicia sesión y usa el chat, pero la sesión de chat permanece activa después de cerrar la sesión.
First Time		Ibm Linux Microsoft Ibm openpages With Watson Linux linux Kernel Microsoft windows

20 Feb 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-20 12:15

Updated : 2025-03-11 14:02

NVD link : CVE-2024-49344

Mitre link : CVE-2024-49344

CVE.ORG link : CVE-2024-49344

JSON object : View

Products Affected

linux_kernel

openpages_with_watson

windows

CWE

CWE-384

Session Fixation

{"id": "CVE-2024-49344", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-02-20T12:15:10.377", "references": [{"url": "https://www.ibm.com/support/pages/node/7183541", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages \n\n\n\nwith Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout."}, {"lang": "es", "value": "La funci\u00f3n de chat del asistente de IBM OpenPages con Watson habilita la aplicaci\u00f3n para establecer una sesi\u00f3n cuando un usuario inicia sesi\u00f3n y usa el chat, pero la sesi\u00f3n de chat permanece activa despu\u00e9s de cerrar la sesi\u00f3n."}], "lastModified": "2025-03-11T14:02:39.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F71A33D-AF4E-4480-A4C2-2C73DBA1B967", "versionEndExcluding": "8.3.0.3", "versionStartIncluding": "8.3"}, {"criteria": "cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C36C16B7-9740-4060-BCF4-3270CE3176B1", "versionEndExcluding": "9.0.0.5", "versionStartIncluding": "9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}