CVE-2024-49781

IBM OpenPages with Watson versions 8.3 and 9.0 is vulnerable to CVE-2024-49781, an XML external entity (XXE) injection flaw that occurs when processing XML data. This vulnerability, published on 2025-02-20, carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L) and is associated with CWE-611. It allows attackers to potentially read sensitive files or manipulate XML parsing in ways that lead to information disclosure or resource exhaustion.

A remote attacker with low privileges (PR:L) can exploit this over the network with low complexity and no user interaction required. Successful exploitation enables the disclosure of sensitive information from the server or consumption of memory resources, resulting in high confidentiality impact (C:H) and low availability impact (A:L), without affecting integrity.

The IBM security advisory at https://www.ibm.com/support/pages/node/7183541 provides details on the vulnerability, including recommended mitigations and patches for affected versions.