Cyber Posture

CVE-2024-49779

Medium

Published: 20 February 2025

Modified: 11 March 2025
CVSS Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
EPSS Score: 0.0004 (11.5th percentile)
Risk Priority: 9 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application.

Security Summary

CVE-2024-49779 is a vulnerability in IBM OpenPages with Watson versions 8.3 and 9.0 that allows a remote attacker to bypass security restrictions due to improper validation and management of authentication cookies. Specifically, the issue stems from inadequate handling of the CSRF token and Session ID cookie parameters, and it is classified under CWE-352 (Cross-Site Request Forgery). The vulnerability has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N), indicating medium severity: network accessible, low attack complexity, no privileges required, but user interaction needed, with limited impact on integrity only.

A remote attacker can exploit this vulnerability by obtaining cookies from another user and modifying the CSRF token and Session ID cookie parameters. This enables the attacker to bypass security restrictions and gain unauthorized access to the vulnerable application, though the impact is confined to low integrity effects without confidentiality or availability disruption. User interaction is required, likely in the form of a victim visiting a malicious site or clicking a crafted link that submits the tampered request.

For mitigation details, refer to the IBM security bulletin at https://www.ibm.com/support/pages/node/7183541, which provides information on patches and remediation steps for affected versions.
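The root cause named above is a CSRF token that is not tied to the session it was issued for, so a token and session cookie taken from one user can be combined with another. The following is an added illustration of the server-side check that closes that gap, not IBM's code or its actual fix: the token is derived from the session id with an HMAC, so it only validates together with the session cookie it was minted for. The secret, session store and user names are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret; a real deployment loads this from a key store.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"


def issue_csrf_token(session_id: str) -> str:
    """Derive a CSRF token cryptographically bound to exactly one session.

    HMAC(secret, session_id) cannot be computed without the server secret,
    so a token copied from another user's session will not match this one.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def validate_request(session_store: dict, session_cookie: str, csrf_token: str) -> bool:
    """Accept a state-changing request only if the session cookie names a live
    session AND the CSRF token is the one bound to that exact session."""
    if session_cookie not in session_store:
        return False  # unknown or expired session id: reject before any token work
    expected = issue_csrf_token(session_cookie)
    # Constant-time comparison on bytes; tolerates non-ASCII attacker input.
    return hmac.compare_digest(expected.encode(), csrf_token.encode())


def demo() -> dict:
    """Constructed scenario: two users, then a request mixing one user's
    session cookie with the other user's CSRF token."""
    store = {}
    alice_sid = secrets.token_hex(16)
    bob_sid = secrets.token_hex(16)
    store[alice_sid] = "alice"
    store[bob_sid] = "bob"
    alice_tok = issue_csrf_token(alice_sid)
    bob_tok = issue_csrf_token(bob_sid)
    return {
        "own_pair": validate_request(store, alice_sid, alice_tok),        # True
        "mixed_pair": validate_request(store, alice_sid, bob_tok),        # False
        "unknown_session": validate_request(store, "no-such-sid", bob_tok),  # False
    }
```

The check rejects a transplanted token outright; it does not by itself defend against an attacker who holds a victim's complete, valid cookie pair, which is a session-hijacking problem handled by cookie protection and session lifetime controls.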

Details

CWE(s): CWE-352

Affected Products

IBM OpenPages with Watson: 8.3 through 8.3.0.3; 9.0 through 9.0.0.5

References