Thursday, December 12, 2024
HomeCyber AttackIBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

Published on

SIEM as a Service

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler software that allows user credentials to be stored in plain text.

This issue, identified as CVE-2024-49351, could enable local users to access sensitive information such as passwords, posing a significant security risk in affected systems.

Details of the Vulnerability

The vulnerability (CVE-2024-49351) specifically involves the plaintext storage of user credentials, classified under CWE-256: Plaintext Storage of a Password.

- Advertisement - SIEM as a Service

This means passwords are not being encrypted or adequately secured, leaving them exposed to local users with access to the system where IBM Workload Scheduler is installed.

The vulnerability is assigned a CVSS Base Score of 5.5, categorizing it as medium severity. According to the CVSS vector, the attack vector is local, meaning an attacker must have physical or network access to the affected system.

The attack complexity is low, indicating that the exploit does not require specialized conditions or significant effort to execute. Only low privileges are needed to carry out the attack, and no user interaction is necessary for exploitation.

The scope of the vulnerability remains unchanged, affecting only the original components without extending to other parts of the system.

According to the IBM report, the vulnerability has a high effect on confidentiality, potentially allowing unauthorized access to sensitive information. However, it does not affect the integrity or availability of the system.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

    Affected Products and Versions

    The vulnerability impacts the following versions of IBM Workload Scheduler:

    ProductVersions Affected
    IBM Workload Scheduler9.5 to 9.5.0.6
    IBM Workload Scheduler10.1 to 10.1.0.4
    IBM Workload Scheduler10.2 to 10.2.1

    To address the issue, IBM strongly recommends upgrading IBM Workload Scheduler to the latest fixed versions. The vulnerability has been patched through APAR IJ53054, which is included in the following versions:

    • 9.5.0.7
    • 10.1.0.5
    • 10.2.2

    These updates are available for download on IBM’s Fix Central platform. Customers using affected versions should implement the fix immediately to mitigate the risk of unauthorized access.

    No Workarounds or Mitigations Available

    IBM has confirmed that there are no temporary workarounds or mitigations for this vulnerability. As a result, upgrading to the fixed versions is the only way to eliminate the risk.

    IBM acknowledged the researchers from TIM S.p.A. SEC-RedTeam-Research Alberto Arganese, Cristian Castrechini, Federico Draghelli, and Massimiliano Brolli—for discovering and reporting the vulnerability.

    IBM encourages customers to evaluate the impact of this vulnerability in their specific environments using the resources provided in the bulletin. Key references include:

    IBM reminds customers that assessing the full impact of this vulnerability depends on their unique environments. While IBM provides CVSS scores and remediation information, users are responsible for implementing fixes and determining the urgency of their response.

    Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.

    Balaji
    Balaji
    BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

    Latest articles

    GitLab Security Update, Patch for Critical Vulnerabilities

    GitLab announced the release of critical security patches for its Community Edition (CE) and...

    BadRAM Attack Breaches AMD Secure VMs with $10 Device

    Researchers have uncovered a vulnerability that allows attackers to compromise AMD's Secure Encrypted Virtualization...

    Splunk RCE Vulnerability Let Attackers Execute Remote Code

    Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution...

    Europol Shutsdown 27 DDoS Service Provider Platforms

    In a major international operation codenamed “PowerOFF,” Europol, collaborating with law enforcement agencies across...

    API Security Webinar

    72 Hours to Audit-Ready API Security

    APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

    Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

    Discussion points

    API Discovery: Techniques to identify and map your public APIs comprehensively.
    Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
    Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

    More like this

    GitLab Security Update, Patch for Critical Vulnerabilities

    GitLab announced the release of critical security patches for its Community Edition (CE) and...

    BadRAM Attack Breaches AMD Secure VMs with $10 Device

    Researchers have uncovered a vulnerability that allows attackers to compromise AMD's Secure Encrypted Virtualization...

    Splunk RCE Vulnerability Let Attackers Execute Remote Code

    Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution...