CVE-2024-31904

6.5 MEDIUM

📋 TL;DR

This vulnerability in IBM App Connect Enterprise allows authenticated users to trigger an uncaught exception, causing a denial of service (DoS) condition. It affects integration nodes in versions 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0. Organizations running these versions with authenticated user access are at risk.

💻 Affected Systems

Products:
  • IBM App Connect Enterprise
Versions: 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects integration nodes; requires authenticated user access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete unavailability of the integration node, disrupting all business processes and data flows that depend on it.

🟠 Likely Case

Temporary service disruption requiring node restart, causing business process interruptions and potential data loss.

🟢 If Mitigated

Minimal impact with proper monitoring and rapid restart capabilities in place.

🌐 Internet-Facing: MEDIUM - While authentication is required, internet-facing nodes could be targeted by attackers with stolen credentials.
🏢 Internal Only: MEDIUM - Internal authenticated users (malicious or compromised accounts) could disrupt critical integration services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access; based on the CWE-248 (Uncaught Exception) classification, triggering the condition appears straightforward once a user is authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply IBM App Connect Enterprise 11.0.0.26 or later, or 12.0.13.0 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7154607

Restart Required: Yes

Instructions:

1. Download the fix from IBM Fix Central.
2. Apply the fix following IBM's installation instructions.
3. Restart the integration node.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Restrict User Access (platforms: all)

Limit authenticated user access to integration nodes to only necessary administrative accounts.

Implement Monitoring and Auto-restart (platforms: all)

Set up monitoring for node crashes and implement automated restart procedures.

🧯 If You Can't Patch

  • Implement strict access controls to limit which authenticated users can interact with integration nodes.
  • Deploy redundant nodes with load balancing to maintain service availability if one node goes down.

🔍 How to Verify

Check if Vulnerable:

Check the IBM App Connect Enterprise version using the mqsiversion command or via the IBM Integration Console.

Check Version:

mqsiversion

Verify Fix Applied:

Verify the version is 11.0.0.26+ or 12.0.13.0+ and test node stability under normal authenticated operations.
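To make the version check above repeatable across many nodes, here is an added shell example (not from IBM or this advisory) that classifies a version string against the affected ranges listed on this page. It assumes you supply the version string you read from mqsiversion; the exact output format of that command is not reproduced or parsed here.

```shell
#!/bin/sh
# Added example: classify an IBM App Connect Enterprise version against the
# CVE-2024-31904 affected ranges (11.0.0.1-11.0.0.25, 12.0.1.0-12.0.12.0).
# Assumption: the caller extracts the dotted version (e.g. "12.0.11.0") from
# mqsiversion output; nothing here depends on that command's format.

# Compare two dotted versions numerically, field by field (up to 4 fields,
# missing fields count as 0). Prints -1, 0 or 1.
ace_vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi < yi) { print -1; exit }
            if (xi > yi) { print 1; exit }
        }
        print 0
    }'
}

# Return 0 (true) when VERSION falls inside either affected range.
ace_is_affected() {
    v="$1"
    if [ "$(ace_vercmp "$v" 11.0.0.1)" -ge 0 ] && \
       [ "$(ace_vercmp "$v" 11.0.0.25)" -le 0 ]; then
        return 0
    fi
    if [ "$(ace_vercmp "$v" 12.0.1.0)" -ge 0 ] && \
       [ "$(ace_vercmp "$v" 12.0.12.0)" -le 0 ]; then
        return 0
    fi
    return 1
}

# Human-readable verdict; "not-affected" covers fixed (11.0.0.26+, 12.0.13.0+)
# and out-of-range versions alike, so still confirm the fix pack is installed.
ace_status() {
    if ace_is_affected "$1"; then
        echo "AFFECTED"
    else
        echo "not-affected"
    fi
}

# Usage: pass the version string read from mqsiversion, e.g. ./check.sh 12.0.11.0
if [ $# -gt 0 ]; then
    ace_status "$1"
fi
```

Versions outside both ranges (for example 12.0.0.x builds) are reported as not-affected because the advisory does not list them; treat that as "not listed", not as proof of a fix.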

📡 Detection & Monitoring

Log Indicators:

  • Integration node crash logs
  • Uncaught exception errors in system logs
  • Unexpected node termination events

Network Indicators:

  • Sudden loss of connectivity to integration services
  • Failed API calls to integration endpoints

SIEM Query:

source="app_connect_logs" AND ("uncaught exception" OR "node crash" OR "denial of service")

🔗 References
