Improper Validation of Certificate with Host Mismatch

CVE-2024-49782

Medium

6.8/10

Summary

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-297 - Improper Validation of Certificate with Host Mismatch

The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.

References

Advisory Timeline

Published Feb 20, 2025

Improper Validation of Certificate with Host Mismatch

CVE-2024-49782

Summary

CWE-297 - Improper Validation of Certificate with Host Mismatch

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS