CVE-2024-45644
📋 TL;DR
This vulnerability allows privileged users in IBM Security ReaQta to upload dangerous file types that can be automatically processed within the product environment. This could lead to remote code execution or system compromise. Exploitation requires an account with administrative or elevated privileges.
💻 Affected Systems
- IBM Security ReaQta
⚠️ Risk & Real-World Impact
Worst Case
A privileged attacker uploads a malicious file that executes arbitrary code with system-level privileges, leading to complete system compromise and lateral movement within the environment.
Likely Case
A malicious insider or a compromised privileged account uploads dangerous file types that could execute code, modify configurations, or exfiltrate data from the ReaQta environment.
If Mitigated
With proper access controls and file validation, impact is limited to denial of service or minor configuration changes within the ReaQta application scope.
🎯 Exploit Status
Exploitation requires privileged access to the ReaQta interface. Attack complexity is low once privileged access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply fix as per IBM Security Advisory
Vendor Advisory: https://www.ibm.com/support/pages/node/7186613
Restart Required: Yes
Instructions:
1. Review IBM Security Advisory.
2. Apply the recommended fix from IBM.
3. Restart the ReaQta service.
4. Verify the fix is applied.
🔧 Temporary Workarounds
Restrict File Upload Types
Configure ReaQta to only accept safe file types and implement file validation
Configuration through ReaQta admin interface - no CLI commands
Privilege Access Management
Implement strict access controls and monitoring for privileged accounts
Use IAM tools to restrict and monitor privileged access
🧯 If You Can't Patch
- Implement strict file upload validation and whitelist only safe file types
- Enforce least privilege access and monitor all privileged user file upload activities
🔍 How to Verify
Check if Vulnerable:
Check if running IBM Security ReaQta version 3.12 and review privileged user file upload capabilities
Check Version:
Check ReaQta admin interface or configuration files for version information
Verify Fix Applied:
Verify the fix is applied by checking version/configuration and testing file upload restrictions
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads by privileged users
- Execution of unexpected file types
- File processing errors for dangerous file types
Network Indicators:
- Unusual file transfers to ReaQta management interface
- Unexpected outbound connections after file upload
SIEM Query:
source="reaqta" AND (event_type="file_upload" AND file_type NOT IN ("safe_type1","safe_type2"))
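The same filter as the SIEM query above, written as an added Python example (not IBM's or the page's own code) that also catches missing types, mixed case and double extensions. The `user` and `file_name` fields, the allowlist values and the sample events are assumptions constructed for illustration; `source`, `event_type` and `file_type` come from the query.

```python
from collections import defaultdict

# Assumption: placeholder allowlist, replace with the types your deployment accepts.
SAFE_TYPES = {"txt", "csv", "json"}

# Constructed sample events. "user" and "file_name" are hypothetical field names.
SAMPLE_EVENTS = [
    {"source": "reaqta", "event_type": "file_upload", "user": "admin1",
     "file_name": "report.csv", "file_type": "csv"},
    {"source": "reaqta", "event_type": "file_upload", "user": "admin2",
     "file_name": "notes.TXT", "file_type": "TXT"},
    {"source": "reaqta", "event_type": "file_upload", "user": "admin2",
     "file_name": "update.csv.ps1", "file_type": "csv"},
    {"source": "reaqta", "event_type": "file_upload", "user": "admin3",
     "file_name": "blob", "file_type": None},
    {"source": "reaqta", "event_type": "login", "user": "admin1"},
    {"source": "proxy", "event_type": "file_upload", "user": "bob",
     "file_name": "x.exe", "file_type": "exe"},
]


def observed_types(event):
    """Return (final extension of file_name, reported file_type), both lowercased."""
    name = event.get("file_name") or ""
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    reported = event.get("file_type") or ""
    return ext.strip().lower(), reported.strip().lower()


def is_suspicious(event, safe_types=SAFE_TYPES):
    """True for a ReaQta upload whose extension or reported type is missing or off the allowlist."""
    if event.get("source") != "reaqta" or event.get("event_type") != "file_upload":
        return False
    ext, reported = observed_types(event)
    # An empty string is never in the allowlist, so missing values are flagged too.
    return ext not in safe_types or reported not in safe_types


def suspicious_uploads_by_user(events, safe_types=SAFE_TYPES):
    """Group flagged file names by uploading account for review."""
    hits = defaultdict(list)
    for event in events:
        if is_suspicious(event, safe_types):
            hits[event.get("user", "unknown")].append(event.get("file_name"))
    return dict(hits)


if __name__ == "__main__":
    for user, files in suspicious_uploads_by_user(SAMPLE_EVENTS).items():
        print(user, files)
```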