CVE-2024-49781: IBM OpenPages XML external entity injection
Published Feb 19, 2025
IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Affected Software
6 affected components · Fixes available
IBM OpenPages <= 9.0
IBM OpenPages with Watson <= 8.3
All of the following:
  Any of the following:
    IBM OpenPages with Watson >= 8.3, < 8.3.0.3
    IBM OpenPages with Watson >= 9.0, < 9.0.0.5
  Any of the following:
    Linux Linux kernel
    Microsoft Windows
Event History
Feb 19, 2025
CVE Published (via IBM, 12:00 AM)
Data Sourced (via IBM, 12:00 AM): Description, Affected Software
Feb 20, 2025
CVE Published (via MITRE, 12:04 PM)
Data Sourced (via MITRE, 12:04 PM): Description, Severity, Weakness
Frequently Asked Questions
1. What is the severity of CVE-2024-49781?
CVE-2024-49781 is considered a high severity vulnerability due to its potential for sensitive information exposure and resource consumption.
2. How do I fix CVE-2024-49781?
To fix CVE-2024-49781, you should apply the latest patch available for IBM OpenPages from IBM support.
3. Which versions of IBM OpenPages are affected by CVE-2024-49781?
CVE-2024-49781 affects IBM OpenPages versions up to and including 9.0 and IBM OpenPages with Watson version 8.3.
4. What type of attack is associated with CVE-2024-49781?
CVE-2024-49781 is associated with an XML External Entity (XXE) attack.
5. Can CVE-2024-49781 be exploited remotely?
Yes, CVE-2024-49781 can be exploited remotely by attackers to gain unauthorized access to sensitive data.