Categories: Cyber Security News

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and Queue Manager container images.

These vulnerabilities, including denial of service and privilege escalation, could allow attackers to bypass security restrictions and disrupt operations.

Summary of Vulnerabilities

The bulletin highlights several vulnerabilities affecting the IBM MQ Operator and Queue Manager container images.

The key issues are related to Kerberos 5 and IBM MQ, which are susceptible to improper memory allocation and access control flaws.

  1. CVE-2024-40681: This vulnerability allows an authenticated user with a specific role to bypass security restrictions and execute unauthorized actions against the queue manager. It carries a CVSS Base score of 7.5, indicating a high level of severity.
  2. CVE-2024-40680: A local user could exploit this vulnerability to cause a denial of service through improper memory allocation, leading to a segmentation fault. This issue has a CVSS Base score of 6.2.
  3. CVE-2024-37371: This vulnerability involves invalid memory reads during GSS message token handling in MIT Kerberos 5, allowing a remote authenticated attacker to cause a denial of service (DOS). It has a CVSS Base score of 6.5.
  4. CVE-2024-37370: Improper access control in MIT Kerberos 5 could allow a remote attacker to bypass security restrictions, potentially causing the unwrapped token to appear truncated. This vulnerability has a CVSS Base score of 7.4.

The vulnerabilities affect a range of IBM MQ Operator and MQ Advanced container images, including IBM MQ Operator versions from 2.0.0 to 3.2.3 and IBM MQ Advanced Container Images covering various versions from 9.2.0.1 to 9.4.0.0.

Download Free Incident Response Plan Template for Your Security Team – Free Download

Remediation and Fixes

IBM has released patches to address these vulnerabilities:

  • IBM MQ Operator v3.2.4 SC2 includes the updated IBM MQ Advanced 9.4.0.5-r1 container image.
  • IBM MQ Operator v2.0.26 LTS includes the updated IBM MQ Advanced 9.3.0.21-r1 container image.

IBM strongly recommends that users apply the latest container images to mitigate these vulnerabilities.

No Workarounds or Mitigations

Currently, there are no workarounds or mitigations available for these vulnerabilities. Users are urged to update their systems promptly.

IBM encourages users to subscribe to “My Notifications” for updates on important product support alerts. For more information, users can refer to IBM’s Secure Engineering Web Portal and the IBM Product Security Incident Response Blog.

For detailed CVSS scores and further information, visit the IBM X-Force Exchange links in the bulletin.

This security bulletin underscores the importance of timely updates and vigilance in maintaining secure IT environments.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly…

1 hour ago

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search Service…

2 hours ago

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has…

2 hours ago

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800 compromised…

2 hours ago

Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji

Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI models…

3 hours ago

Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default…

3 hours ago