Cyber Posture

CVE-2024-49781

High

Published: 20 February 2025

Published
20 February 2025
Modified
11 March 2025
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
EPSS Score 0.0006 19.8th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-49781 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Ibm Openpages With Watson. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 19.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely flaw remediation through vendor patches directly eliminates the XXE vulnerability in IBM OpenPages XML processing.

SI-10 Information Input Validation good match
prevent

Information input validation prevents malicious XML payloads from injecting external entities, blocking both disclosure and resource exhaustion.

CM-6 Configuration Settings good match
prevent

Secure configuration settings disable external entity resolution in XML parsers, mitigating the core XXE attack vector.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

XXE directly enables local file reads (T1005) via external entity processing and is exploited in a public-facing web app (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Deeper analysisAI

IBM OpenPages with Watson versions 8.3 and 9.0 is vulnerable to CVE-2024-49781, an XML external entity (XXE) injection flaw that occurs when processing XML data. This vulnerability, published on 2025-02-20, carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L) and is associated with CWE-611. It allows attackers to potentially read sensitive files or manipulate XML parsing in ways that lead to information disclosure or resource exhaustion.

A remote attacker with low privileges (PR:L) can exploit this over the network with low complexity and no user interaction required. Successful exploitation enables the disclosure of sensitive information from the server or consumption of memory resources, resulting in high confidentiality impact (C:H) and low availability impact (A:L), without affecting integrity.

The IBM security advisory at https://www.ibm.com/support/pages/node/7183541 provides details on the vulnerability, including recommended mitigations and patches for affected versions.

Details

CWE(s)
CWE-611

Affected Products

ibm
openpages with watson
8.3 — 8.3.0.3 · 9.0 — 9.0.0.5

CVEs Like This One

CVE-2024-54171Same product: Linux Linux Kernel
CVE-2024-49779Same product: Ibm Openpages With Watson
CVE-2024-49782Same product: Ibm Openpages With Watson
CVE-2024-52363Same product: Linux Linux Kernel
CVE-2025-14974Same product: Linux Linux Kernel
CVE-2026-1567Same vendor: Ibm
CVE-2025-13916Same product: Linux Linux Kernel
CVE-2024-41766Same product: Linux Linux Kernel
CVE-2025-0162Same vendor: Ibm
CVE-2024-41767Same product: Linux Linux Kernel

References