CVE-2024-35144
📋 TL;DR
IBM Maximo Application Suite's Monitor Component stores source code files on the web server that could be accessed by attackers. This information disclosure vulnerability could help attackers understand the application's structure and potentially find additional weaknesses. Affects IBM Maximo Application Suite versions 8.10, 8.11, and 9.0 with the Monitor Component enabled.
💻 Affected Systems
- IBM Maximo Application Suite
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain source code, analyze it for additional vulnerabilities, chain with other weaknesses to achieve remote code execution or data exfiltration.
Likely Case
Attackers access source code to understand application architecture, identify hardcoded credentials, API keys, or business logic flaws for further exploitation.
If Mitigated
Limited information disclosure with no direct path to system compromise if proper network segmentation and access controls are in place.
🎯 Exploit Status
Information disclosure vulnerabilities typically require minimal technical skill to exploit once the vulnerable endpoint is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply interim fix or upgrade to latest version
Vendor Advisory: https://www.ibm.com/support/pages/node/7174953
Restart Required: Yes
Instructions:
1. Review IBM advisory 7174953.
2. Apply the recommended interim fix for your version.
3. Restart the Maximo Application Suite services.
4. Verify source code files are no longer accessible.
🔧 Temporary Workarounds
Remove or restrict access to Monitor Component
Disable the Monitor Component if it is not required for operations
Web server access controls
Configure the web server to block access to source code directories (paths below are the example paths used on this page; adjust to your deployment)
    # Apache example:
    <Location "/monitor/source/">
        Require all denied
    </Location>
    # Nginx example:
    location ~ ^/monitor/source/ {
        deny all;
    }
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the Monitor Component endpoints
- Deploy a web application firewall with rules to block access to source code file patterns
🔍 How to Verify
Check if Vulnerable:
Attempt to access Monitor Component source code URLs (e.g., /monitor/source/*.java, /monitor/source/*.js) from an unauthenticated perspective
Check Version:
Check Maximo version via administrative console or review installation documentation
Verify Fix Applied:
Verify source code files are no longer accessible via web requests after applying patch or workarounds
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 responses for source code file requests
- Unusual access patterns to /monitor/source/ paths
- Multiple failed attempts followed by successful source code access
Network Indicators:
- Unusual GET requests for .java, .js, .xml files in monitor paths
- Traffic to Monitor Component from unexpected sources
SIEM Query:
web_access_logs status=200 AND uri_path="/monitor/source/*" AND (uri_extension="java" OR uri_extension="js" OR uri_extension="xml")
(the wildcard is needed: an exact match on the directory path would not match requests for individual files beneath it)
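The log indicators above can also be evaluated offline against raw web server access logs, for example when the logs are not yet in a SIEM. The following script is an added example, not code from the page, from IBM, or from the Maximo project: it parses Apache/Nginx combined-format lines (assumed format), flags successful (200) requests for .java/.js/.xml files under the example path /monitor/source/ used on this page, and separately flags clients that produced several failed attempts on that path before a successful one (the "multiple failed attempts followed by successful source code access" indicator). The log lines are constructed sample data; the path prefix is an assumption to adjust for your deployment.

```python
"""Offline check of access logs for the source-code disclosure indicators."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache/Nginx "combined" log format (assumed; adjust the regex if yours differs).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

WATCH_PREFIX = "/monitor/source/"   # example path from the page; assumption for your environment
WATCH_EXTS = {"java", "js", "xml"}  # extensions named in the page's SIEM query
FAILURES_BEFORE_ALERT = 3           # threshold for the "probing then success" indicator


def parse_line(line):
    """Return a dict with ip/path/status for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = urlsplit(rec["uri"]).path   # drop any query string before matching
    return rec


def is_source_request(rec):
    """True when the request targets a watched file type under the watched prefix."""
    path = rec["path"]
    if not path.startswith(WATCH_PREFIX):
        return False
    filename = path.rsplit("/", 1)[-1]
    if "." not in filename:
        return False
    return filename.rsplit(".", 1)[-1].lower() in WATCH_EXTS


def analyze(lines):
    """Return successful source-file fetches and clients that probed before succeeding."""
    successes = []                  # (client_ip, path) for every 200 on a watched file
    failures = defaultdict(int)     # per-client count of 401/403/404 on watched files
    probing_then_success = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_source_request(rec):
            continue
        ip = rec["ip"]
        if rec["status"] == 200:
            successes.append((ip, rec["path"]))
            if failures[ip] >= FAILURES_BEFORE_ALERT:
                probing_then_success.add(ip)
        elif rec["status"] in (401, 403, 404):
            failures[ip] += 1
    return {
        "successes": successes,
        "probing_then_success": sorted(probing_then_success),
    }


# Constructed sample log lines (RFC 5737 documentation addresses, invented paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jun/2024:12:00:01 +0000] "GET /monitor/source/a.java HTTP/1.1" 404 512 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Jun/2024:12:00:02 +0000] "GET /monitor/source/b.java HTTP/1.1" 404 512 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Jun/2024:12:00:03 +0000] "GET /monitor/source/c.xml HTTP/1.1" 404 512 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Jun/2024:12:00:04 +0000] "GET /monitor/source/App.js?v=1 HTTP/1.1" 200 9031 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Jun/2024:12:00:05 +0000] "GET /monitor/source/Foo.java HTTP/1.1" 200 2210 "-" "curl/8.0"',
    '192.0.2.10 - - [10/Jun/2024:12:01:00 +0000] "GET /monitor/dashboard HTTP/1.1" 200 14020 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Jun/2024:12:01:01 +0000] "GET /monitor/source/Config.xml HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jun/2024:12:02:00 +0000] "GET /static/app.js HTTP/1.1" 200 3300 "-" "Mozilla/5.0"',
    'garbage line that should be skipped',
]

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ip, path in result["successes"]:
        print(f"ALERT source file served: {ip} -> {path}")
    for ip in result["probing_then_success"]:
        print(f"ALERT probing followed by success from {ip}")
```

Run it as-is to see the two alert types on the sample data; in practice feed it `open("access.log")` and raise the threshold or narrow the prefix to match your server's layout. The 403 from the second client is counted as a failure but never produces an alert, which is the expected outcome once the web server access control from the workaround section is in place.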