Skip to main content

Openpages With Watson CVE-2021-29907

HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2021-08-31 psirt@us.ibm.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 31, 2021 - 16:15 nvd
HIGH 8.8

DescriptionNVD

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.

AnalysisAI

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633. Affected products include: Ibm Openpages With Watson.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2024-49781 HIGH
7.1 Feb 20

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when

CVE-2024-49782 MEDIUM
6.8 Feb 20

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS sec

CVE-2024-35151 MEDIUM
6.5 Aug 22

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper a

CVE-2023-43039 MEDIUM
6.1 Jul 08

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary

CVE-2024-49337 MEDIUM
5.4 Feb 20

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of us

CVE-2024-49355 MEDIUM
5.3 Feb 20

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enab

CVE-2024-49780 MEDIUM
5.3 Feb 20

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system.

CVE-2024-49783 MEDIUM
5.3 Jul 08

CVE-2024-49783 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management proce

CVE-2025-27367 MEDIUM
5.3 Jul 08

A security vulnerability in IBM OpenPages with Watson 8.3 and 9.0 (CVSS 5.3). Remediation should follow standard vulnera

CVE-2024-49784 MEDIUM
5.3 Jul 08

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AE

CVE-2024-35117 MEDIUM
4.4 Dec 11

IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the syste

CVE-2024-49779 MEDIUM
4.3 Feb 20

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, cause

Share

CVE-2021-29907 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy