Cyber Security News

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler software that allows user credentials to be stored in plain text.

This issue, identified as CVE-2024-49351, could enable local users to access sensitive information such as passwords, posing a significant security risk in affected systems.

Details of the Vulnerability

The vulnerability (CVE-2024-49351) specifically involves the plaintext storage of user credentials, classified under CWE-256: Plaintext Storage of a Password.

This means passwords are not being encrypted or adequately secured, leaving them exposed to local users with access to the system where IBM Workload Scheduler is installed.

The vulnerability is assigned a CVSS Base Score of 5.5, categorizing it as medium severity. According to the CVSS vector, the attack vector is local, meaning an attacker must have physical or network access to the affected system.

The attack complexity is low, indicating that the exploit does not require specialized conditions or significant effort to execute. Only low privileges are needed to carry out the attack, and no user interaction is necessary for exploitation.

The scope of the vulnerability remains unchanged, affecting only the original components without extending to other parts of the system.

According to the IBM report, the vulnerability has a high effect on confidentiality, potentially allowing unauthorized access to sensitive information. However, it does not affect the integrity or availability of the system.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

    Affected Products and Versions

    The vulnerability impacts the following versions of IBM Workload Scheduler:

    ProductVersions Affected
    IBM Workload Scheduler9.5 to 9.5.0.6
    IBM Workload Scheduler10.1 to 10.1.0.4
    IBM Workload Scheduler10.2 to 10.2.1

    To address the issue, IBM strongly recommends upgrading IBM Workload Scheduler to the latest fixed versions. The vulnerability has been patched through APAR IJ53054, which is included in the following versions:

    • 9.5.0.7
    • 10.1.0.5
    • 10.2.2

    These updates are available for download on IBM’s Fix Central platform. Customers using affected versions should implement the fix immediately to mitigate the risk of unauthorized access.

    No Workarounds or Mitigations Available

    IBM has confirmed that there are no temporary workarounds or mitigations for this vulnerability. As a result, upgrading to the fixed versions is the only way to eliminate the risk.

    IBM acknowledged the researchers from TIM S.p.A. SEC-RedTeam-Research Alberto Arganese, Cristian Castrechini, Federico Draghelli, and Massimiliano Brolli—for discovering and reporting the vulnerability.

    IBM encourages customers to evaluate the impact of this vulnerability in their specific environments using the resources provided in the bulletin. Key references include:

    IBM reminds customers that assessing the full impact of this vulnerability depends on their unique environments. While IBM provides CVSS scores and remediation information, users are responsible for implementing fixes and determining the urgency of their response.

    Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.

    Balaji

    BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

    Recent Posts

    Blue Yonder Ransomware Attack Impacts Starbucks & Multiple Supermarkets

    A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created…

    5 minutes ago

    Dell Wyse Management Suite Vulnerabilities Let Attackers Exploit Affected Systems Remotely

    Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address…

    30 minutes ago

    CISA Details Red Team Assessment Including TTPs & Network Defense

    The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment…

    39 minutes ago

    Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

    Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of…

    1 hour ago

    Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

    Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

    17 hours ago

    Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

    The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

    17 hours ago