CVE-2024-49338

4.4 MEDIUM

📋 TL;DR

IBM App Connect Enterprise versions 12.0.1.0-12.0.7.0 and 13.0.1.0, under certain configurations, allow privileged users to obtain JMS credentials. This could lead to unauthorized access to JMS resources. Only systems with specific vulnerable configurations are affected.

💻 Affected Systems

Products:
  • IBM App Connect Enterprise
Versions: 12.0.1.0 through 12.0.7.0 and 13.0.1.0
Operating Systems: All supported operating systems
Default Config Vulnerable: ✅ No
Notes: Only vulnerable under certain configurations as specified in IBM advisory.


⚠️ Risk & Real-World Impact

🔴 Worst Case

A privileged user obtains JMS credentials and uses them to access, modify, or delete JMS messages, potentially disrupting message flows or exposing sensitive data.

🟠 Likely Case

A privileged user gains unauthorized access to JMS resources, potentially reading or manipulating message queues.

🟢 If Mitigated

Minimal impact if proper access controls and monitoring are in place to detect unusual privileged user activity.

🌐 Internet-Facing: LOW - Exploitation requires privileged user access, making direct internet exploitation unlikely.
🏢 Internal Only: MEDIUM - Internal privileged users could exploit this, but requires specific configurations and user privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires privileged user access and specific vulnerable configurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes as per IBM advisory APAR IJ51466

Vendor Advisory: https://www.ibm.com/support/pages/node/7175396

Restart Required: Yes

Instructions:

1. Review the IBM advisory.
2. Apply the fix for APAR IJ51466.
3. Restart IBM App Connect Enterprise.

🔧 Temporary Workarounds

Restrict privileged user access (applies to: all)

Limit privileged user accounts to only those necessary and monitor their activities.

Review and secure JMS configurations (applies to: all)

Audit JMS configurations to ensure they follow security best practices and limit exposure.

🧯 If You Can't Patch

  • Implement strict access controls for privileged users and monitor their activities closely.
  • Regularly audit JMS configurations and credentials, rotating credentials if possible.

🔍 How to Verify

Check if Vulnerable:

Compare the installed IBM App Connect Enterprise version (12.0.1.0 through 12.0.7.0, or 13.0.1.0) and the JMS configuration against the details in the IBM advisory.

Check Version:

Check version via IBM App Connect Enterprise administration interface or configuration files.

Verify Fix Applied:

Verify that the fix for APAR IJ51466 is applied and that the system has been restarted.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privileged user access to JMS resources or configuration files.

Network Indicators:

  • Unexpected JMS connections or credential access patterns.

SIEM Query:

Search logs for privileged user activity related to JMS configuration or credential access.
