CVE-2024-49782
Published: 20 February 2025
Summary
CVE-2024-49782 is a medium-severity Improper Validation of Certificate with Host Mismatch (CWE-297) vulnerability in Ibm Openpages With Watson. Its CVSS base score is 6.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 42.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Mandates proper validation of PKI certificates during SSL/TLS connections, directly preventing mail server identity spoofing due to improper certificate validation.
Requires timely identification, reporting, and remediation of flaws like improper certificate validation through patching, as provided by IBM for this CVE.
Enforces cryptographic protection for transmission confidentiality and integrity using TLS, addressing spoofing risks in email notifications though not fully covering certificate validation specifics.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper certificate validation enables adversary-in-the-middle attacks against TLS connections to the mail server, allowing spoofing and interception of email notifications.
NVD Description
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages…
more
or disrupt notification delivery.
Deeper analysisAI
CVE-2024-49782 affects IBM OpenPages with Watson versions 8.3 and 9.0, where the software could allow a remote attacker to spoof the mail server identity when using SSL/TLS security. This vulnerability stems from improper certificate validation, mapped to CWE-297 (Improper Validation of Certificate with Host Mismatch) and CWE-295 (Improper Certificate Validation). It has a CVSS v3.1 base score of 6.8 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H), indicating medium severity with network accessibility, high attack complexity, low privileges required, high confidentiality impact, and high availability impact.
A remote attacker with low privileges could exploit this vulnerability to spoof the mail server identity during SSL/TLS connections used for email notifications generated by OpenPages. Successful exploitation would enable the attacker to access sensitive information disclosed through these notifications or disrupt their delivery entirely.
The IBM security advisory at https://www.ibm.com/support/pages/node/7183541 provides details on mitigation, including available patches for the affected versions.
Details
- CWE(s)