CVE-2024-35113
📋 TL;DR
IBM Control Center versions 6.2.1 and 6.3.1 contain an information disclosure vulnerability where authenticated users can access sensitive information through directory listings. This affects organizations running these specific versions of IBM Control Center. The vulnerability exposes potentially sensitive data to authenticated users who shouldn't have access.
💻 Affected Systems
- IBM Control Center
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could access sensitive configuration files, credentials, or proprietary data exposed through directory listings, potentially leading to further system compromise.
Likely Case
Authenticated users with limited permissions could discover sensitive information they shouldn't have access to, violating data confidentiality.
If Mitigated
With proper access controls and monitoring, impact is limited to authorized users who might discover information beyond their intended permissions.
🎯 Exploit Status
Exploitation requires authenticated access and involves accessing directory listings that expose sensitive information.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply fix as per IBM Security Bulletin
Vendor Advisory: https://www.ibm.com/support/pages/node/7174796
Restart Required: Yes
Instructions:
1. Review IBM Security Bulletin
2. Apply the recommended fix from IBM
3. Restart IBM Control Center services
4. Verify the fix is applied
🔧 Temporary Workarounds
Restrict Directory Access
Configure the web server to prevent directory listings
Configure Apache/Nginx/IIS to disable directory listings
Access Control Hardening
Implement stricter access controls and least privilege principles
Review and tighten user permissions
Implement role-based access controls
🧯 If You Can't Patch
- Implement strict access controls and monitor authenticated user activity
- Isolate IBM Control Center systems and restrict network access
🔍 How to Verify
Check if Vulnerable:
Check if running IBM Control Center 6.2.1 or 6.3.1 and test authenticated directory listing access
Check Version:
Check IBM Control Center version through administrative interface or configuration files
Verify Fix Applied:
Verify patch is applied and test that directory listings no longer expose sensitive information
📡 Detection & Monitoring
Log Indicators:
- Unusual directory access patterns by authenticated users
- Multiple failed attempts to access restricted directories
Network Indicators:
- HTTP requests for directory listings from authenticated sessions
SIEM Query:
source="ibm_control_center" AND (url="*directory*" OR url="*listing*") AND user!="admin"
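As an added example (not code from IBM or from the advisory), the log indicators above expressed as detection logic in Python over constructed access-log lines: it flags non-admin authenticated users who pull several distinct directory listings. The log line format, the user and path names, and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed "user method path status content-type" format.
SAMPLE_LOG = """\
alice GET /ccenter/config/ 200 text/html
alice GET /ccenter/config/app.properties 200 text/plain
bob GET /ccenter/ 200 text/html
alice GET /ccenter/logs/ 200 text/html
alice GET /ccenter/keys/ 200 text/html
admin GET /ccenter/config/ 200 text/html
carol GET /ccenter/reports/report.pdf 200 application/pdf
"""

LINE_RE = re.compile(
    r"^(?P<user>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) (?P<ctype>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def is_directory_listing(entry):
    # A successful GET for a path ending in "/" that comes back as HTML is the
    # usual signature of an auto-generated index page rather than a file download.
    return (entry["method"] == "GET" and entry["path"].endswith("/")
            and entry["status"] == 200 and entry["ctype"].startswith("text/html"))


def find_suspicious_users(log_text, threshold=2, exempt=("admin",)):
    """Return {user: sorted paths} for non-exempt users with more than
    `threshold` distinct directory listings (the 'unusual access pattern')."""
    listings = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["user"] in exempt:
            continue
        if is_directory_listing(entry):
            listings[entry["user"]].add(entry["path"])
    return {u: sorted(p) for u, p in listings.items() if len(p) > threshold}
```

Tune the threshold and the exempt list to the roles that legitimately browse the application's directories, otherwise administrators will dominate the alerts.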