CVE-2024-35117

4.4 MEDIUM

📋 TL;DR

IBM OpenPages with Watson 9.0 may write sensitive information in clear text to system tracing log files under specific configurations. This could allow privileged users to read sensitive data they would not normally be able to see. It only affects IBM OpenPages with Watson installations using specific configurations that enable tracing.

💻 Affected Systems

Products:
  • IBM OpenPages with Watson
Versions: 9.0
Operating Systems: All supported platforms
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when specific tracing configurations are enabled. Default installations are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Privileged users could access sensitive information like credentials, configuration secrets, or business data from log files, leading to data exposure or privilege escalation.

🟠 Likely Case

Privileged users with access to log files could read sensitive configuration data or credentials that should be protected.

🟢 If Mitigated

With proper access controls and log file protection, the risk is limited to authorized administrators who already have high privileges.

🌐 Internet-Facing: LOW - This requires privileged user access to the system, not typically exposed to internet-facing interfaces.
🏢 Internal Only: MEDIUM - Internal privileged users could exploit this to access sensitive information they shouldn't have.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires privileged user access to read log files. No authentication bypass needed for already privileged users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply interim fix or upgrade as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7165392

Restart Required: Yes

Instructions:

1. Review IBM advisory at provided URL
2. Apply interim fix or upgrade as recommended
3. Restart IBM OpenPages services
4. Verify tracing configurations are secure

🔧 Temporary Workarounds

Disable tracing (platform: all)

Disable system tracing configurations that cause sensitive information to be written to logs

Configure OpenPages to disable tracing or limit tracing to non-sensitive operations

Restrict log file access (platform: linux)

Apply strict file permissions to tracing log files

chmod 600 tracing_logs/*
Set appropriate ACLs to restrict access to authorized administrators only

🧯 If You Can't Patch

  • Implement strict access controls on log directories and files
  • Regularly audit and monitor access to tracing log files
  • Disable unnecessary tracing configurations

🔍 How to Verify

Check if Vulnerable:

Check if tracing is enabled in OpenPages configuration and review log files for sensitive information

Check Version:

Check OpenPages version through administrative interface or configuration files

Verify Fix Applied:

Verify tracing configurations are secure and log files no longer contain sensitive information in clear text
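
The two checks described above (log files restricted as in the chmod 600 workaround, and no sensitive information in clear text) can be scripted. This is an added example, not IBM's or the advisory's tooling; the directory, file names, log lines and the credential pattern are constructed assumptions, since the page does not give the OpenPages trace log location or format.

```shell
#!/bin/sh
# Added example. Directory, file names and log lines are constructed;
# point audit_trace_dir at the real trace-log directory of the installation.

# Credential-like key/value pairs (assumed pattern, tune per deployment).
SECRET_RE='(password|passwd|secret|api[_-]?key|token)[[:space:]]*[=:][[:space:]]*[^[:space:]]+'

# Files under $1 that group or others can read (looser than the chmod 600 workaround).
loose_perm_files() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null | sort
}

# file:line of credential-like matches; the matched value is never printed.
secret_hits() {
    grep -rEin "$SECRET_RE" "$1" 2>/dev/null | cut -d: -f1,2 | sort
}

# Returns 0 when the directory is clean, 1 when either check has findings.
audit_trace_dir() {
    rc=0
    loose=$(loose_perm_files "$1")
    hits=$(secret_hits "$1")
    if [ -n "$loose" ]; then echo "Readable by group/others:"; echo "$loose"; rc=1; fi
    if [ -n "$hits" ]; then echo "Credential-like cleartext at:"; echo "$hits"; rc=1; fi
    return "$rc"
}

# Constructed sample: one world-readable trace file with a secret, one clean file.
make_sample() {
    s=$(mktemp -d) || return 1
    printf '%s\n' '2024-01-01 10:00:00 TRACE session opened' \
        '2024-01-01 10:00:01 TRACE connect user=svc password=Constructed123' > "$s/trace_a.log"
    printf '%s\n' '2024-01-01 10:00:02 TRACE request completed' > "$s/trace_b.log"
    chmod 644 "$s/trace_a.log"
    chmod 600 "$s/trace_b.log"
    echo "$s"
}

demo=$(make_sample)
audit_trace_dir "$demo" || echo "Findings above need remediation."
rm -rf "$demo"
```

The report lists only file names and line numbers, so running the audit does not copy the exposed values into yet another log or terminal history.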

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to tracing log files
  • Sensitive information appearing in log files

Network Indicators:

  • Unusual file access patterns to log directories

SIEM Query:

source="openpages_logs" AND (event="file_access" AND target="*tracing*log*")
