

Severity
Medium
Analysis Summary
CVE-2024-52366 CVSS:5.9
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.
CVE-2024-52363 CVSS:2.8
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2024-52361 CVSS:5.7
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod.
CVE-2024-52359 CVSS:4.3
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved for administrator users due to improper access controls.
CVE-2024-51472 CVSS:3.1
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2024-51471 CVSS:5.3
IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.
CVE-2024-51470 CVSS:3.6
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
CVE-2024-51465 CVSS:5.9
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
Impact
- Information Disclosure
- Denial-of-Service
- Gain Access
Indicators of Compromise
CVE
CVE-2024-52366
CVE-2024-52363
CVE-2024-52361
CVE-2024-52359
CVE-2024-51472
CVE-2024-51471
CVE-2024-51470
CVE-2024-51465
Affected Vendors
Affected Products
- IBM InfoSphere Information Server 11.7
- IBM MQ Appliance 9.3 CD
- IBM MQ 9.1 LTS
- IBM MQ 9.2 LTS
- IBM MQ 9.3 LTS
- IBM MQ 9.3 CD
- IBM MQ Appliance 9.3 LTS
- IBM Concert Software 1.0.0
- IBM Concert Software 1.0.1
- IBM Concert Software 1.0.2
- IBM Concert Software 1.0.2.1
- IBM Concert Software 1.0.3
- IBM Storage Defender - Resiliency Service 2.0.0
- IBM Storage Defender - Resiliency Service 2.0.9
- IBM UrbanCode Deploy (UCD) 7.2
- IBM UrbanCode Deploy (UCD) 7.2.3.13
- IBM UrbanCode Deploy (UCD) 7.3
- IBM UrbanCode Deploy (UCD) 7.3.2.8
- IBM MQ Appliance 9.4 LTS
- IBM MQ 9.4 LTS
- IBM App Connect Enterprise Certified Container 11.4
- IBM App Connect Enterprise Certified Container 11.5
- IBM App Connect Enterprise Certified Container 11.6
- IBM App Connect Enterprise Certified Container 12.0
- IBM App Connect Enterprise Certified Container 12.1
- IBM App Connect Enterprise Certified Container 12.2
- IBM App Connect Enterprise Certified Container 12.3
Remediation
Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.