Platform
other
Component
maximo-application-suite
Fixed in
8.10.1
CVE-2024-22328 is an Information Disclosure vulnerability affecting IBM Maximo Application Suite versions 8.10 and 8.11. An attacker can leverage directory traversal techniques to access sensitive files on the system. This vulnerability allows unauthorized access to potentially confidential data. The issue is resolved in version 8.10.1.
This vulnerability allows a remote attacker to bypass access controls and read arbitrary files on the server hosting IBM Maximo Application Suite. By crafting malicious URLs containing directory traversal sequences (e.g., /../), an attacker can navigate the file system and potentially expose configuration files, source code, or other sensitive data. The impact can range from data breaches and intellectual property theft to the compromise of system credentials if configuration files containing passwords or API keys are exposed. While the vulnerability doesn't directly lead to code execution, the information gained could be used to identify and exploit other vulnerabilities within the system.
CVE-2024-22328 was publicly disclosed on April 6, 2024. There is no indication of active exploitation at this time, nor is it listed on the CISA KEV catalog. Public proof-of-concept exploits are not currently available, but the vulnerability's nature makes it likely that such exploits will emerge. The IBM X-Force ID associated with this vulnerability is 279950.
Organizations deploying IBM Maximo Application Suite versions 8.10 and 8.11 are at risk. This includes companies utilizing Maximo for asset management, predictive maintenance, and other enterprise work management applications. Shared hosting environments where multiple tenants share the same server instance are particularly vulnerable, as a successful attack could potentially impact other tenants.
• linux / server: Monitor access logs for requests containing /../ sequences. Use grep to search for these patterns in web server access logs (e.g., /var/log/apache2/access.log).
grep '/\.\./' /var/log/apache2/access.log
• generic web: Use curl to test for directory traversal vulnerabilities. Attempt to access files outside of the intended web root.
curl http://<maximo_suite_url>/../../../../etc/passwd
• other: Review file system permissions to ensure that sensitive files are not accessible from the web server's document root.
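The grep command above only matches a literal /../ and will miss percent-encoded forms of the same sequence. The following Python script is an added example, not part of this advisory page or of IBM's tooling: it parses combined-format access log lines, percent-decodes the request path (bounded, so double-encoded sequences are also normalized), flags any request whose path contains a ".." segment, and separates requests the server rejected (4xx) from those that returned 2xx and therefore need incident-response attention. The log lines, IP addresses and paths are constructed sample data.

```python
import re
from urllib.parse import unquote

# Constructed sample access log lines in Apache/Nginx combined format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [06/Apr/2024:10:12:01 +0000] "GET /maximo/ui/login HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
10.0.0.7 - - [06/Apr/2024:10:12:09 +0000] "GET /maximo/../../../../etc/passwd HTTP/1.1" 403 211 "-" "curl/8.4.0"
10.0.0.7 - - [06/Apr/2024:10:12:15 +0000] "GET /maximo/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1840 "-" "curl/8.4.0"
10.0.0.9 - - [06/Apr/2024:10:13:00 +0000] "GET /maximo/static/app.js?v=1.2 HTTP/1.1" 200 90210 "-" "Mozilla/5.0"
10.0.0.7 - - [06/Apr/2024:10:13:30 +0000] "GET /maximo/..%252f..%252fetc/hosts HTTP/1.1" 404 120 "-" "curl/8.4.0"
"""

# Combined log format: client IP, identd, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

MAX_DECODE_ROUNDS = 3  # bounded so a pathological input cannot loop forever


def normalize_path(target):
    """Drop the query string and percent-decode until the path stops changing,
    so single- and double-encoded '..' segments end up in one canonical form."""
    path = target.split("?", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Treat backslashes as separators as well, since some servers accept them.
    return path.replace("\\", "/")


def is_traversal(target):
    """True when the normalized request path contains a '..' path segment."""
    return ".." in normalize_path(target).split("/")


def find_traversal_requests(log_text):
    """Return one record per log line whose request path is a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if is_traversal(m.group("target")):
            hits.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "target": m.group("target"),
                "status": int(m.group("status")),
            })
    return hits


def successful_traversals(log_text):
    """Traversal requests that the server answered with 2xx: the server served
    something for a path outside the intended root, so these need investigation."""
    return [h for h in find_traversal_requests(log_text) if 200 <= h["status"] < 300]


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        verdict = "SERVED" if 200 <= hit["status"] < 300 else "blocked"
        print(f'{hit["timestamp"]} {hit["ip"]} {hit["status"]} {verdict}: {hit["target"]}')
```

Run against a real log with `find_traversal_requests(open(path).read())`. A 403 or 404 on a traversal request shows the server or WAF rejected it; a 2xx means content was returned and the response size and requested path should be reviewed as part of incident response. The same `is_traversal` check is the logic a WAF or reverse-proxy rule should implement when blocking traversal sequences as a temporary workaround.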
disclosure
Exploit status
EPSS
0.04% (14th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-22328 is to upgrade to IBM Maximo Application Suite version 8.10.1 or later. If upgrading immediately is not possible, consider temporary workarounds such as restricting access to the application suite through a Web Application Firewall (WAF) or proxy server. Configure the WAF to block requests containing directory traversal sequences like /../. Regularly review and harden file system permissions to limit the potential impact of a successful attack. After upgrading, confirm the vulnerability is resolved by attempting a directory traversal request and verifying that access is denied.
Update IBM Maximo Application Suite to a version that has fixed the path traversal vulnerability. Consult the IBM advisory for specific upgrade instructions. Apply the security measures recommended by the vendor to mitigate the risk of unauthorized file access.
CVE-2024-22328 is a vulnerability in IBM Maximo Application Suite versions 8.10 and 8.11 that allows a remote attacker to read arbitrary files through directory traversal. It is rated HIGH severity (CVSS 7.5).
If you are running IBM Maximo Application Suite versions 8.10 or 8.11, you are potentially affected by this vulnerability. Upgrade to version 8.10.1 or later to mitigate the risk.
The recommended fix is to upgrade to IBM Maximo Application Suite version 8.10.1 or a later version that addresses this vulnerability. As a temporary workaround, implement WAF rules to block directory traversal attempts.
As of the current disclosure date, there is no confirmed evidence of active exploitation of CVE-2024-22328. However, the vulnerability's nature suggests it may become a target for attackers.
Refer to the official IBM Security Bulletin for details: https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/sb140613/0