CVE-2023-47142

7.5 HIGH

📋 TL;DR

This vulnerability in IBM Tivoli Application Dependency Discovery Manager allows attackers on the local network to escalate privileges through unauthorized API access. Attackers could gain administrative control over the system. Organizations running affected versions of TADDM are at risk.

💻 Affected Systems

Products:
  • IBM Tivoli Application Dependency Discovery Manager
Versions: 7.3.0.0 through 7.3.0.10
Operating Systems: All supported platforms for TADDM
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments within the affected version range are vulnerable. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where attacker gains administrative privileges, accesses sensitive discovery data, and potentially pivots to other systems.

🟠 Likely Case

Privilege escalation leading to unauthorized access to application dependency data and system configuration.

🟢 If Mitigated

Limited impact if network segmentation restricts local network access and proper authentication controls are in place.

🌐 Internet-Facing: LOW - The vulnerability requires local network access, not internet-facing exposure.
🏢 Internal Only: HIGH - Attackers on the internal network can exploit this to escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access but appears to be straightforward based on the CWE-863 (Incorrect Authorization) classification.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.3.0.11 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7105139

Restart Required: Yes

Instructions:

1. Download the fix from IBM Fix Central.
2. Apply the fix following IBM's installation instructions.
3. Restart the TADDM services.
4. Verify the fix by checking the version.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all platforms

Restrict network access to TADDM to only authorized management systems and administrators.

Use firewall rules to limit access to TADDM ports (typically 9443, 9080, 9081)

Access Control Lists

Applies to: all platforms

Implement strict network ACLs to limit which systems can communicate with TADDM.

Configure network devices to allow only specific IP ranges to access TADDM

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate TADDM from general user networks
  • Monitor TADDM API access logs for unauthorized privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the TADDM version via the web interface or by examining installation files. Versions 7.3.0.0 through 7.3.0.10 are vulnerable.

Check Version:

Check the TADDM web interface at https://<server>:9443/taddm or examine the product version in installation directories.

Verify Fix Applied:

Verify the version is 7.3.0.11 or later and test API authorization controls.
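
The version check above can be scripted across an inventory. The following is an added example, not IBM code or part of the original advisory: it classifies a version string the operator has already collected against the 7.3.0.0 through 7.3.0.10 range and the 7.3.0.11 fix level given on this page. The function name, the status labels and the sample hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IBM code): classify a TADDM version string against the
# range this page gives for CVE-2023-47142.
#   affected : 7.3.0.0 through 7.3.0.10
#   fixed    : 7.3.0.11 or later within 7.3.0.x
#   unlisted : any other release line (assumption: the page gives no data)
#   invalid  : not four dot-separated numeric fields

taddm_cve_2023_47142_status() {
    ver=$1
    # Reject empty input, stray characters, empty fields and oversized input.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    [ "${#ver}" -le 16 ] || { echo invalid; return 0; }

    # Split on dots into positional parameters.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    [ "$#" -eq 4 ] || { echo invalid; return 0; }

    if [ "$1" -eq 7 ] && [ "$2" -eq 3 ] && [ "$3" -eq 0 ]; then
        # Compare the fix-pack field numerically: as strings, "9" sorts
        # after "11" and 7.3.0.9 would be misreported as patched.
        if [ "$4" -le 10 ]; then echo affected; else echo fixed; fi
    else
        echo unlisted
    fi
    return 0
}

# Constructed sample inventory (hostnames and versions are made up).
for entry in taddm-a:7.3.0.9 taddm-b:7.3.0.10 taddm-c:7.3.0.11 taddm-d:7.3.0; do
    printf '%s\t%s\t%s\n' "${entry%%:*}" "${entry#*:}" \
        "$(taddm_cve_2023_47142_status "${entry#*:}")"
done
```

Hosts reported as invalid or unlisted need a manual check against the vendor advisory rather than being counted as patched.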

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized API calls, privilege escalation attempts, unexpected administrative actions

Network Indicators:

  • Unusual API traffic patterns, connections from unexpected internal IPs

SIEM Query:

source="taddm" AND (event_type="api_call" AND user_privilege_change="true")
