CVE-2024-49779
Published: 20 February 2025
Summary
CVE-2024-49779 is a medium-severity CSRF (CWE-352) vulnerability in IBM OpenPages with Watson. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Web Session Cookie (T1550.004). It ranks at the 11.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-23 (Session Authenticity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-23 requires protections for session authenticity, directly addressing improper CSRF token and session ID cookie validation to prevent unauthorized access via tampering.
AC-3 enforces approved authorizations for access, mitigating bypass of security restrictions due to flawed cookie-based access decisions.
SI-10 mandates validation of information inputs like CSRF tokens and session cookies, countering the improper validation exploited in this vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Directly enables use of tampered web session cookies and forging of CSRF tokens for unauthorized authenticated actions.
NVD Description
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application.
Deeper analysis
CVE-2024-49779 is a vulnerability in IBM OpenPages with Watson versions 8.3 and 9.0 that allows a remote attacker to bypass security restrictions due to improper validation and management of authentication cookies. Specifically, the issue stems from inadequate handling of the CSRF token and Session ID cookie parameters, classified under CWE-352 (Cross-Site Request Forgery). The vulnerability has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N), indicating medium severity with network accessibility, low attack complexity, no privileges required, but user interaction needed, and limited impact to integrity.
A remote attacker can exploit this vulnerability by obtaining cookies from another user and modifying the CSRF token and Session ID cookie parameters. This enables the attacker to bypass security restrictions and gain unauthorized access to the vulnerable application, though the impact is confined to low integrity effects without confidentiality or availability disruption. User interaction is required, likely in the form of a victim visiting a malicious site or clicking a crafted link that submits the tampered request.
For mitigation details, refer to the IBM security bulletin at https://www.ibm.com/support/pages/node/7183541, which provides information on patches and remediation steps for affected versions.
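The control that SC-23 and SI-10 describe can be shown as a server-side check that ties each CSRF token to exactly one session. The sketch below is an added example, not IBM's code or the vendor fix; the function names, cookie name and in-memory session store are assumptions made for illustration. It contrasts a check that accepts any issued token with one that only accepts the token derived from the presented session ID.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: a per-deployment secret and in-memory stores.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {}          # session_id -> username
ISSUED_TOKENS = set()  # every CSRF token ever issued (used only by the weak check)


def csrf_token_for(session_id):
    """CSRF token = HMAC(server key, session ID), so it is valid for one session only."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def create_session(username):
    """Issue a random session ID and the CSRF token derived from it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = username
    token = csrf_token_for(session_id)
    ISSUED_TOKENS.add(token)
    return session_id, token


def weak_validate(cookies, submitted_csrf):
    """Flawed pattern: any issued token is accepted with any live session."""
    user = SESSIONS.get(cookies.get("session_id", ""))
    if user is not None and submitted_csrf in ISSUED_TOKENS:
        return user
    return None


def validate_request(cookies, submitted_csrf):
    """Return the authenticated username, or None if any check fails."""
    session_id = cookies.get("session_id", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return None  # unknown or expired session ID
    expected = csrf_token_for(session_id).encode()
    supplied = (submitted_csrf or "").encode()
    # Constant-time comparison; a token taken from another user's cookies
    # was derived from a different session ID and does not match.
    if not hmac.compare_digest(expected, supplied):
        return None
    return user
```
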
Details
- CWE(s)