Multiple vulnerabilities in IBM OpenPages
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 16 |
| CVE-ID | CVE-2025-2533 CVE-2025-30472 CVE-2025-36010 CVE-2025-33114 CVE-2025-36071 CVE-2024-52894 CVE-2025-24970 CVE-2025-33143 CVE-2024-50602 CVE-2024-45492 CVE-2024-45491 CVE-2024-45490 CVE-2024-49828 CVE-2024-51473 CVE-2025-0755 CVE-2025-33092 |
| CWE-ID | CWE-400 CWE-121 CWE-833 CWE-772 CWE-20 CWE-674 CWE-190 CWE-124 CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM OpenPages with Watson Other software / Other software solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU114148
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-2533
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Stack-based buffer overflow
EUVDB-ID: #VU106058
Risk: Medium
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-30472
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in orf_token_endian_convert() function in exec/totemsrp.c. A remote attacker can send an overly large UDP packet to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability requires that encryption is disabled.
Install update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Deadlock
EUVDB-ID: #VU114153
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-36010
CWE-ID:
CWE-833 - Deadlock
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to executable segments that are waiting for each other to release a necessary lock. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource exhaustion
EUVDB-ID: #VU114149
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-33114
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Missing Release of Resource after Effective Lifetime
EUVDB-ID: #VU114125
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-36071
CWE-ID:
CWE-772 - Missing Release of Resource after Effective Lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper release of memory resources. A remote attacker can trigger the vulnerability and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Stack-based buffer overflow
EUVDB-ID: #VU114126
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-52894
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote privileged user can send a specially crafted query and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU103770
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-24970
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in SslHandler when using native SSLEngine. A remote attacker can send a specially crafted packet to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Uncontrolled Recursion
EUVDB-ID: #VU114127
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-33143
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion. A remote user can send a specially crafted SQL statement that performs uncontrolled recursion.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU99614
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-50602
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the XML_ResumeParser function. A remote attacker can pass specially crafted XML input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Integer overflow
EUVDB-ID: #VU96899
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-45492
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the nextScaffoldPart() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Integer overflow
EUVDB-ID: #VU96898
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-45491
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the dtdCopy() function in xmlparse.c. A remote attacker can pass specially crafted input to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer Underwrite ('Buffer Underflow')
EUVDB-ID: #VU96897
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-45490
CWE-ID:
CWE-124 - Buffer Underwrite ('Buffer Underflow')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in xmlparse.c when handling negative length for XML_ParseBuffer. A remote attacker can pass specially crafted input to the application, trigger buffer underflow and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Stack-based buffer overflow
EUVDB-ID: #VU114104
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-49828
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to server may crash under certain conditions with a specially crafted query. A remote unauthenticated attacker can send a specially crafted query to perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Stack-based buffer overflow
EUVDB-ID: #VU114105
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-51473
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to server may crash under certain conditions with a specially crafted query. A remote unauthenticated attacker can send a specially crafted query to perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Heap-based buffer overflow
EUVDB-ID: #VU112138
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-0755
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within various bson_append functions. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Stack-based buffer overflow
EUVDB-ID: #VU114124
Risk: Medium
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-33092
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper bounds checking. A local user can send a specially crafted query to overflow the buffer and execute arbitrary code on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: 9.0 - 9.1.1
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_openpages_with_watson:9.0.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7245194
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
