CVE-2024-22315
📋 TL;DR
IBM Fusion and IBM Fusion HCI versions 2.3.0 through 2.8.2 allow insecure network connections from compromised containers. An attacker who gains access to a Fusion container can establish unauthorized external network connections, potentially exfiltrating data or accessing internal resources. This affects organizations running vulnerable IBM Fusion deployments.
💻 Affected Systems
- IBM Fusion
- IBM Fusion HCI
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attacker pivots from container to internal network, exfiltrates sensitive data, or establishes persistent backdoors to critical infrastructure.
Likely Case
Limited data exfiltration from the compromised container or unauthorized access to adjacent internal services.
If Mitigated
Isolated container compromise with no network egress due to proper segmentation controls.
🎯 Exploit Status
Requires initial container compromise; network egress capability is then available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.8.3 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7179168
Restart Required: Yes
Instructions:
1. Back up configurations.
2. Upgrade to IBM Fusion/Fusion HCI 2.8.3 or later.
3. Restart affected services/containers.
4. Verify that network restrictions are enforced.
🔧 Temporary Workarounds
Network Policy Enforcement
Implement strict network policies to restrict container egress traffic.
# Use Kubernetes NetworkPolicy or similar to deny all egress from Fusion containers
kubectl apply -f network-policy-deny-egress.yaml
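As an added example (not part of this advisory or of IBM's own documentation), the kind of manifest the kubectl command above would apply: a default-deny egress policy for the namespace holding the Fusion pods, plus a narrow exception that keeps cluster DNS reachable so the workload can still resolve service names. The namespace name is a placeholder, and the DNS selectors assume upstream Kubernetes (kube-system/kube-dns); on OpenShift, where Fusion normally runs, point them at the openshift-dns namespace instead.

```yaml
# network-policy-deny-egress.yaml (constructed example)
# NetworkPolicy is only enforced when the cluster's CNI plugin supports it;
# on a CNI without policy support these objects are accepted but have no effect.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: fusion-deny-all-egress
  namespace: FUSION_NAMESPACE      # placeholder: the namespace your Fusion pods run in
spec:
  podSelector: {}                  # empty selector = every pod in the namespace
  policyTypes:
  - Egress
  egress: []                       # no egress rules at all = all egress denied
---
# Egress rules across policies are additive, so this second policy re-opens
# only DNS to the cluster resolver; everything else stays blocked above.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: fusion-allow-cluster-dns
  namespace: FUSION_NAMESPACE      # placeholder, same namespace as above
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system   # openshift-dns on OpenShift
      podSelector:
        matchLabels:
          k8s-app: kube-dns                          # adjust label for OpenShift's DNS pods
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
```

After applying, confirm enforcement from a test pod in the same namespace: a connection to an external address should time out, while an in-cluster service name should still resolve.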
Container Runtime Restrictions
Configure the container runtime (e.g., Docker, containerd) to block external network access.
docker run --network none <container>
# Note: --net=host gives the container the host's network stack and restricts nothing by itself; if host networking is unavoidable, enforce egress rules on the host with iptables
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to block all egress traffic from Fusion containers.
- Monitor container network activity for unauthorized external connections and investigate anomalies.
🔍 How to Verify
Check if Vulnerable:
Check the IBM Fusion version via the management interface or CLI; if the version is between 2.3.0 and 2.8.2 inclusive, the deployment is vulnerable.
Check Version:
ibmfusion version or check via IBM Fusion web console
Verify Fix Applied:
After patching, attempt to establish an external network connection from a test container; the connection should be blocked.
📡 Detection & Monitoring
Log Indicators:
- Unexpected outbound connection attempts from Fusion containers in container runtime logs
- Network policy violation logs in Kubernetes or similar orchestrators
Network Indicators:
- Outbound traffic from Fusion containers to external IPs not in allowlist
- Unusual protocol usage or data exfiltration patterns
SIEM Query:
source="container_logs" AND (outbound_connection OR egress_denied) AND container_name="*fusion*"