CVE-2024-35134

5.3 MEDIUM

📋 TL;DR

IBM Analytics Content Hub 2.0 discloses sensitive technical error information to remote attackers via browser responses. This information leakage could enable reconnaissance for further attacks. Only IBM Analytics Content Hub 2.0 installations are affected.

💻 Affected Systems

Products:
  • IBM Analytics Content Hub
Versions: 2.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 2.0 is affected, according to the IBM advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain detailed system information, architecture details, or internal paths that could enable targeted follow-up attacks like SQL injection or authentication bypass.

🟠 Likely Case

Attackers gather technical details about the application stack, server configuration, or database information that assists in crafting more sophisticated attacks.

🟢 If Mitigated

Only generic error messages are displayed, preventing information disclosure while maintaining functionality.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires triggering error conditions that reveal detailed technical messages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply interim fix or upgrade as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7172787

Restart Required: Yes

Instructions:

1. Review IBM advisory
2. Apply interim fix or upgrade
3. Restart IBM Analytics Content Hub service
4. Verify error messages are generic

🔧 Temporary Workarounds

Configure generic error messages

all

Configure the application to return generic error messages instead of detailed technical information

Web application firewall rules

all

Implement WAF rules to block or sanitize error messages containing technical details

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to IBM Analytics Content Hub
  • Deploy a web application firewall with rules to detect and block detailed error responses

🔍 How to Verify

Check if Vulnerable:

Test error conditions and check if detailed technical information is returned in browser responses

Check Version:

Check IBM Analytics Content Hub administration interface or configuration files for version information

Verify Fix Applied:

Test error conditions and verify only generic error messages are displayed

📡 Detection & Monitoring

Log Indicators:

  • Unusual error patterns
  • Multiple error requests from single sources

Network Indicators:

  • HTTP responses containing detailed stack traces or technical error details

SIEM Query:

http.response_code >= 500 AND (http.response_body CONTAINS 'stack trace' OR http.response_body CONTAINS 'technical error')
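
The log and network indicators above can be combined in one pass over captured responses. The following is an added example, not code from IBM or from the original page: it flags 5xx responses whose bodies carry technical detail and lists sources that trigger repeated errors. The marker patterns, the burst threshold and the record fields (`src`, `path`, `status`, `body`) are assumptions, and the sample records are constructed.

```python
import re
from collections import Counter

# Assumed leak markers (generic patterns, not taken from the IBM advisory).
LEAK_PATTERNS = {
    "java_stack_frame": re.compile(r"^\s*at [\w.$]+\([\w$]+\.java:\d+\)", re.M),
    "python_traceback": re.compile(r"Traceback \(most recent call last\)"),
    "exception_class": re.compile(r"\b(?:[a-z_]\w*\.)+[A-Z]\w*(?:Exception|Error)\b"),
    "sql_error": re.compile(r"\b(?:SQLSTATE|SQLCODE|ORA-\d{5})\b"),
    "filesystem_path": re.compile(r"/(?:opt|var|usr|home|etc)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+"),
}
BURST_THRESHOLD = 3  # assumed: 5xx responses from one source before it is flagged

def leak_markers(body):
    """Return the sorted names of leak patterns found in a response body."""
    return sorted(name for name, rx in LEAK_PATTERNS.items() if rx.search(body))

def analyze(records):
    """Return (leaky 5xx responses, sources with repeated 5xx responses)."""
    leaks, errors_by_src = [], Counter()
    for rec in records:
        if rec["status"] < 500:
            continue
        errors_by_src[rec["src"]] += 1
        markers = leak_markers(rec["body"])
        if markers:
            leaks.append((rec["src"], rec["path"], markers))
    noisy = sorted(s for s, n in errors_by_src.items() if n >= BURST_THRESHOLD)
    return leaks, noisy

# Constructed sample records (documentation IP ranges, made-up paths and bodies).
SAMPLE = [
    {"src": "198.51.100.7", "path": "/api/items", "status": 500,
     "body": "com.example.hub.QueryException: bad id\n\tat com.example.hub.Dao.find(Dao.java:42)"},
    {"src": "198.51.100.7", "path": "/api/items", "status": 500,
     "body": "Internal Server Error"},
    {"src": "198.51.100.7", "path": "/api/users", "status": 500,
     "body": "SQLSTATE=42601 near /opt/app/conf/db.xml"},
    {"src": "203.0.113.9", "path": "/", "status": 200, "body": "ok"},
    {"src": "203.0.113.9", "path": "/x", "status": 503,
     "body": "Service temporarily unavailable."},
]

if __name__ == "__main__":
    leaks, noisy = analyze(SAMPLE)
    for src, path, markers in leaks:
        print(f"LEAK  {src} {path} markers={','.join(markers)}")
    for src in noisy:
        print(f"BURST {src} repeated 5xx responses")
```

After the fix or a generic-error configuration is in place, the same pass over fresh captures should return no leaky responses.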
