CVE-2024-49344

4.3 MEDIUM

📋 TL;DR

IBM OpenPages with Watson versions 8.3 and 9.0 have a session management vulnerability: chat sessions remain active after the user logs out. An attacker who obtains access to such a lingering session could use the chat functionality without authorization. Organizations running these versions with the Watson Assistant chat feature enabled are affected.

💻 Affected Systems

Products:
  • IBM OpenPages with Watson
Versions: 8.3 and 9.0
Operating Systems: All supported platforms
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when Watson Assistant chat feature is enabled. Other configurations are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could hijack an active chat session after legitimate user logout, potentially accessing sensitive chat history or impersonating the user in chat interactions.

🟠 Likely Case

Unauthorized access to chat sessions could lead to information disclosure of chat conversations or unauthorized use of chat functionality.

🟢 If Mitigated

With proper network segmentation and access controls, the impact is limited to chat functionality only, not core application data.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the chat session after legitimate user logout. No authentication bypass is involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply interim fix or upgrade as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7183541

Restart Required: Yes

Instructions:

1. Review the IBM advisory for specific patch details.
2. Apply the interim fix or upgrade to the patched version.
3. Restart the application.
4. Verify that chat sessions are properly terminated on logout.

🔧 Temporary Workarounds

Disable Watson Assistant Chat Feature

all

Temporarily disable the vulnerable chat functionality until patching can be completed.

Consult IBM documentation for disabling the Watson Assistant chat feature.

🧯 If You Can't Patch

  • Implement session timeout policies for chat sessions
  • Monitor chat session activity logs for anomalies

🔍 How to Verify

Check if Vulnerable:

Check if running IBM OpenPages with Watson 8.3 or 9.0 with Watson Assistant chat feature enabled

Check Version:

Check application version in IBM OpenPages administration console

Verify Fix Applied:

Test that chat sessions are properly terminated when users log out

📡 Detection & Monitoring

Log Indicators:

  • Chat sessions continuing after user logout events
  • Multiple chat sessions from same user ID with overlapping timestamps

Network Indicators:

  • Chat API calls from unexpected IP addresses after logout

SIEM Query:

source="openpages" AND event="logout" AND chat_session_active="true"
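As an added example that is not from this page or from IBM, the following Python correlates constructed sample log lines to implement the first log indicator above: chat activity on a session after that session has been logged out. The JSON field names and event values are assumptions, not the actual OpenPages log format.

```python
import json
from datetime import datetime

# Constructed sample log lines (not real OpenPages output).
# alice's session S1 keeps chatting after her logout; bob logs out of S2,
# logs back in on S3 and chats there, which is legitimate.
SAMPLE_LOGS = [
    '{"ts":"2024-11-01T09:00:00Z","user":"alice","event":"login","session":"S1"}',
    '{"ts":"2024-11-01T09:05:00Z","user":"alice","event":"chat_message","session":"S1"}',
    '{"ts":"2024-11-01T09:10:00Z","user":"alice","event":"logout","session":"S1"}',
    '{"ts":"2024-11-01T09:12:00Z","user":"alice","event":"chat_message","session":"S1"}',
    '{"ts":"2024-11-01T09:00:00Z","user":"bob","event":"login","session":"S2"}',
    '{"ts":"2024-11-01T09:03:00Z","user":"bob","event":"logout","session":"S2"}',
    '{"ts":"2024-11-01T09:04:00Z","user":"bob","event":"login","session":"S3"}',
    '{"ts":"2024-11-01T09:06:00Z","user":"bob","event":"chat_message","session":"S3"}',
]


def parse(line):
    """Parse one JSON log line; assumed field layout, see SAMPLE_LOGS."""
    rec = json.loads(line)
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_post_logout_chat(lines):
    """Return (user, session, timestamp) for every chat event that occurs
    on a session after that session's logout event.

    Events are sorted by timestamp first so that out-of-order log delivery
    does not hide a finding. A session is only 'terminated' once a logout
    for that exact session id is seen; a new login creates a new session,
    so re-login activity is not flagged.
    """
    events = sorted((parse(line) for line in lines), key=lambda r: r["ts"])
    terminated = set()  # session ids that have seen a logout
    findings = []
    for rec in events:
        ev, sid = rec["event"], rec["session"]
        if ev == "logout":
            terminated.add(sid)
        elif ev.startswith("chat") and sid in terminated:
            findings.append((rec["user"], sid, rec["ts"].isoformat()))
    return findings


if __name__ == "__main__":
    for user, sid, ts in find_post_logout_chat(SAMPLE_LOGS):
        print(f"post-logout chat activity: user={user} session={sid} at={ts}")
```

A finding here means the chat backend accepted traffic on a session the application had already logged out, which is exactly the condition the patch is meant to remove, so the same check serves as the "Verify Fix Applied" test after patching.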

🔗 References
