CVE-2024-31906
📋 TL;DR
IBM Automation Decision Services 23.0.2 stores web pages locally in a way that allows other users on the same system to read them. This information disclosure vulnerability affects organizations using this specific version of IBM's decision automation platform.
💻 Affected Systems
- IBM Automation Decision Services
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Sensitive business logic, configuration data, or proprietary decision rules stored in web pages could be accessed by unauthorized local users, potentially leading to intellectual property theft or system compromise.
Likely Case
Unauthorized users on the same system can access locally stored web pages containing application data, configuration details, or session information.
If Mitigated
With proper access controls and user separation, the impact is limited to authorized users only accessing their own stored data.
🎯 Exploit Status
Exploitation requires local system access and knowledge of where web pages are stored. No authentication bypass needed beyond local user access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply fix from IBM Security Bulletin
Vendor Advisory: https://www.ibm.com/support/pages/node/7150662
Restart Required: Yes
Instructions:
1. Review the IBM Security Bulletin.
2. Apply the fix provided by IBM.
3. Restart IBM Automation Decision Services.
4. Verify the fix is applied.
🔧 Temporary Workarounds
Restrict local file permissions
Linux: Manually adjust file system permissions on stored web pages so that only the authorized owner can read them. The directory itself must be closed as well, otherwise other local users can still list the file names.
chmod 700 /path/to/stored/webpages/      # directory: owner only
chmod 600 /path/to/stored/webpages/*     # files: owner read/write only
chown -R authorized_user:authorized_group /path/to/stored/webpages/
Implement user separation
All platforms: Ensure different users do not share the same IBM Automation Decision Services installation or system account.
🧯 If You Can't Patch
- Implement strict user access controls to prevent unauthorized local users from accessing the system
- Monitor file access logs for unauthorized attempts to read stored web pages
🔍 How to Verify
Check if Vulnerable:
Check if running IBM Automation Decision Services version 23.0.2 and review file permissions on locally stored web pages.
Check Version:
Check IBM Automation Decision Services administration console or configuration files for version information.
Verify Fix Applied:
Verify the fix is applied per IBM's instructions and test that web pages are no longer accessible to unauthorized local users.
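The following script is an added example, not part of IBM's bulletin or product: it turns the "restrict local file permissions" workaround and the "check if vulnerable" step above into something repeatable. It lists files under a storage directory that are readable by group or other users, reports how many there are, and applies owner-only permissions. The storage path is a placeholder; substitute the real location of the locally stored web pages on your host.

```shell
#!/bin/sh
# Added example (not from IBM's advisory): audit a directory of locally stored
# web pages for files other local users can read, then harden it.
# /path/to/stored/webpages is a placeholder, not a path from the bulletin.

# Print every regular file under DIR whose mode grants read access to group or other.
list_exposed() {
  find "$1" -type f \( -perm -g+r -o -perm -o+r \) 2>/dev/null
}

# Return the number of exposed files under DIR (0 means nothing to fix).
count_exposed() {
  list_exposed "$1" | wc -l | tr -d ' '
}

# Restrict every directory to 700 and every file to 600, so that other users can
# neither list the directory nor read the pages. Ownership is left unchanged here;
# run chown as shown in the workaround if the files belong to the wrong account.
harden_dir() {
  find "$1" -type d -exec chmod 700 {} +
  find "$1" -type f -exec chmod 600 {} +
}

# Stand-alone demo on a constructed temporary directory: ./check.sh --demo
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d)
  printf 'sample page' > "$tmp/page1.html"; chmod 644 "$tmp/page1.html"  # world-readable
  printf 'sample page' > "$tmp/page2.html"; chmod 600 "$tmp/page2.html"  # already owner-only
  echo "exposed before hardening: $(count_exposed "$tmp")"
  harden_dir "$tmp"
  echo "exposed after hardening:  $(count_exposed "$tmp")"
  rm -rf "$tmp"
fi
```

Run `count_exposed` against the real storage directory before and after applying the fix; a non-zero count after the vendor fix is a sign that the installed build or the permissions still need attention.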
📡 Detection & Monitoring
Log Indicators:
- Unauthorized file access attempts to web page storage locations
- Multiple user accounts accessing the same web page files
Network Indicators:
- Not applicable - local file system vulnerability
SIEM Query:
File access events from unauthorized users to IBM Automation Decision Services web page storage paths
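As an added example of the log indicator above (not from IBM's bulletin), the script below shows how the "unauthorized file access" signal can be extracted from Linux audit records. It assumes an auditd watch rule on the storage directory tagged with the key `ads_webpages` (the rule, key name and path are assumptions, not product configuration), and it reads the SYSCALL records that rule produces. The four log lines are constructed for the demo; they are not real captures.

```shell
#!/bin/sh
# Added example (not from IBM's advisory): flag audit records for a watched key
# whose uid is outside an allow-list of accounts permitted to read the pages.
# Assumed watch rule on the host (placeholder path, assumed key name):
#   auditctl -w /path/to/stored/webpages -p r -k ads_webpages

# Constructed sample audit records: uid 1001 is the service account; 1002 and
# 1003 are other local users. Record 303 touches a different watch key.
SAMPLE_AUDIT_LOG='type=SYSCALL msg=audit(1700000000.101:301): arch=c000003e syscall=257 success=yes exit=3 uid=1001 key="ads_webpages"
type=SYSCALL msg=audit(1700000000.102:302): arch=c000003e syscall=257 success=yes exit=3 uid=1002 key="ads_webpages"
type=SYSCALL msg=audit(1700000000.103:303): arch=c000003e syscall=257 success=yes exit=3 uid=1002 key="other"
type=SYSCALL msg=audit(1700000000.104:304): arch=c000003e syscall=257 success=no exit=-13 uid=1003 key="ads_webpages"'

# Read audit records on stdin and print "serial uid success" for every record
# tagged KEY whose uid is not in the space-separated ALLOWED list. Failed opens
# (success=no) are reported too: a denied read is still an attempt worth seeing.
flag_unexpected() {
  key="$1"; allowed="$2"
  awk -v key="$key" -v allowed="$allowed" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      uid = ""; k = ""; res = ""; serial = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^uid=/) uid = substr($i, 5)
        else if ($i ~ /^key=/) { k = substr($i, 5); gsub(/"/, "", k) }
        else if ($i ~ /^success=/) res = substr($i, 9)
        else if ($i ~ /^msg=audit\(/) {
          serial = $i; sub(/\):.*$/, "", serial); sub(/.*:/, "", serial)
        }
      }
      if (k == key && !(uid in ok)) print serial, uid, res
    }'
}

# Count the flagged records in the constructed sample for a given allow-list.
count_unexpected() {
  printf '%s\n' "$SAMPLE_AUDIT_LOG" | flag_unexpected ads_webpages "$1" | wc -l | tr -d ' '
}

# Stand-alone demo: ./flag.sh --demo
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_AUDIT_LOG" | flag_unexpected ads_webpages "1001"
fi
```

On a live host the same function can be fed from `ausearch -k ads_webpages --raw`, and the allow-list should contain only the uid(s) of the account that runs IBM Automation Decision Services.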