IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler software that allows user credentials to be stored in plain text.
This issue, identified as CVE-2024-49351, could enable local users to access sensitive information such as passwords, posing a significant security risk in affected systems.
Details of the Vulnerability
The vulnerability (CVE-2024-49351) specifically involves the plaintext storage of user credentials, classified under CWE-256: Plaintext Storage of a Password.
This means passwords are not being encrypted or adequately secured, leaving them exposed to local users with access to the system where IBM Workload Scheduler is installed.
The vulnerability is assigned a CVSS Base Score of 5.5, categorizing it as medium severity. According to the CVSS vector, the attack vector is local, meaning an attacker must have physical or network access to the affected system.
The attack complexity is low, indicating that the exploit does not require specialized conditions or significant effort to execute. Only low privileges are needed to carry out the attack, and no user interaction is necessary for exploitation.
The scope of the vulnerability remains unchanged, affecting only the original components without extending to other parts of the system.
According to the IBM report, the vulnerability has a high effect on confidentiality, potentially allowing unauthorized access to sensitive information. However, it does not affect the integrity or availability of the system.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
Affected Products and Versions
The vulnerability impacts the following versions of IBM Workload Scheduler:
Product | Versions Affected |
---|---|
IBM Workload Scheduler | 9.5 to 9.5.0.6 |
IBM Workload Scheduler | 10.1 to 10.1.0.4 |
IBM Workload Scheduler | 10.2 to 10.2.1 |
To address the issue, IBM strongly recommends upgrading IBM Workload Scheduler to the latest fixed versions. The vulnerability has been patched through APAR IJ53054, which is included in the following versions:
- 9.5.0.7
- 10.1.0.5
- 10.2.2
These updates are available for download on IBM’s Fix Central platform. Customers using affected versions should implement the fix immediately to mitigate the risk of unauthorized access.
No Workarounds or Mitigations Available
IBM has confirmed that there are no temporary workarounds or mitigations for this vulnerability. As a result, upgrading to the fixed versions is the only way to eliminate the risk.
IBM acknowledged the researchers from TIM S.p.A. SEC-RedTeam-Research Alberto Arganese, Cristian Castrechini, Federico Draghelli, and Massimiliano Brolli—for discovering and reporting the vulnerability.
IBM encourages customers to evaluate the impact of this vulnerability in their specific environments using the resources provided in the bulletin. Key references include:
IBM reminds customers that assessing the full impact of this vulnerability depends on their unique environments. While IBM provides CVSS scores and remediation information, users are responsible for implementing fixes and determining the urgency of their response.
Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.