CVE-2024-49794

4.3 MEDIUM

📋 TL;DR

IBM ApplinX 11.1 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unauthorized actions on their behalf. This affects all users of IBM ApplinX 11.1 who access the application through a web browser.

💻 Affected Systems

Products:
  • IBM ApplinX
Versions: 11.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of IBM ApplinX 11.1 are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could perform administrative actions like creating new users, changing configurations, or accessing sensitive data by tricking an administrator into clicking a malicious link.

🟠

Likely Case

Attackers could modify user settings, change application configurations, or perform actions within the user's privilege level without their consent.

🟢

If Mitigated

With proper CSRF protections and user awareness, the risk is significantly reduced as legitimate requests would be validated and users would be cautious about clicking unknown links.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to be authenticated and visit a malicious page while logged into ApplinX.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply the fix from IBM Security Bulletin 7182522

Vendor Advisory: https://www.ibm.com/support/pages/node/7182522

Restart Required: Yes

Instructions:

1. Review IBM Security Bulletin 7182522
2. Download the appropriate fix from IBM Fix Central
3. Apply the fix following IBM's installation instructions
4. Restart the ApplinX service

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add anti-CSRF tokens to all state-changing requests

SameSite Cookie Attribute (applies to: all)

Set SameSite=Strict or SameSite=Lax attributes on session cookies
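The two workarounds above are generic CSRF defences that can be applied at a reverse proxy or application layer in front of any web application. The following is an added example (not IBM's code and not part of ApplinX) showing what they look like in practice: a session cookie issued with SameSite=Lax, a per-session synchronizer token, and a request check that rejects state-changing requests whose Origin/Referer host or token does not match. The cookie name SESSIONID, the host applinx.example and the in-memory token store are assumptions for the demonstration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Methods that change server-side state and therefore need CSRF protection.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Assumed in-memory token store: session id -> anti-CSRF token.
# A real deployment would keep this in the server-side session.
_TOKENS = {}


def issue_session_cookie(session_id, secure=True):
    """Build a Set-Cookie header value with SameSite=Lax, HttpOnly and Secure.

    SameSite=Lax stops the browser attaching the cookie to cross-site POSTs,
    which is what a CSRF lure relies on. Use Strict if the application never
    needs to be entered via top-level links from other sites.
    """
    cookie = SimpleCookie()
    cookie["SESSIONID"] = session_id          # assumed cookie name
    cookie["SESSIONID"]["samesite"] = "Lax"
    cookie["SESSIONID"]["httponly"] = True
    cookie["SESSIONID"]["path"] = "/"
    if secure:
        cookie["SESSIONID"]["secure"] = True
    return cookie.output(header="").strip()


def issue_csrf_token(session_id):
    """Create (or reuse) the synchronizer token bound to this session.

    The token is embedded in forms as a hidden field and must be echoed back
    on every state-changing request.
    """
    if session_id not in _TOKENS:
        _TOKENS[session_id] = secrets.token_hex(32)
    return _TOKENS[session_id]


def check_request(method, session_id, submitted_token, origin, expected_host):
    """Decide whether a request may proceed. Returns (allowed, reason).

    origin is the value of the Origin header, falling back to Referer if the
    caller prefers; expected_host is the hostname the application is served on.
    """
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"

    # Origin/Referer check: a cross-site lure page carries its own origin.
    if origin:
        if urlsplit(origin).hostname != expected_host:
            return False, "origin mismatch"

    # Synchronizer token check, compared in constant time.
    expected = _TOKENS.get(session_id)
    if not expected or not submitted_token:
        return False, "token missing"
    if not hmac.compare_digest(expected, submitted_token):
        return False, "token mismatch"
    return True, "ok"


if __name__ == "__main__":
    sid = secrets.token_hex(16)
    print(issue_session_cookie(sid))
    tok = issue_csrf_token(sid)
    print(check_request("POST", sid, tok, "https://applinx.example", "applinx.example"))
    print(check_request("POST", sid, tok, "https://evil.example", "applinx.example"))
```

The Origin check alone defeats the classic lure page, and the token check covers clients that send no Origin header; deploying both is the usual recommendation, with SameSite on the cookie as a third, browser-enforced layer.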

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect CSRF patterns
  • Educate users about the risks of clicking unknown links while authenticated

🔍 How to Verify

Check if Vulnerable:

Check if your ApplinX version is 11.1 and review the IBM Security Bulletin for specific vulnerable components

Check Version:

Check the ApplinX administration console or configuration files for version information

Verify Fix Applied:

Verify that anti-CSRF tokens are present in all forms and state-changing requests after applying the patch

📡 Detection & Monitoring

Log Indicators:

  • Multiple state-changing requests from same user with different referrers
  • Unusual administrative actions from regular users

Network Indicators:

  • Requests with missing or invalid CSRF tokens
  • Requests with external referrers performing privileged actions

SIEM Query:

source="applinx" AND (action="create" OR action="modify" OR action="delete") AND referrer NOT CONTAINS "yourdomain.com"
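The log and network indicators above can be turned into a small detection that runs over access logs exported from the application or a fronting proxy. The following is an added example, not vendor code: it parses a constructed key=value log format (the real ApplinX log layout is not shown on this page), flags state-changing actions whose referrer is missing or from a host outside the trusted list, and reports users whose state changes arrive with more than one distinct referrer host. The trusted host applinx.example and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed: hostname(s) the application is legitimately served from.
TRUSTED_HOSTS = {"applinx.example"}

# Actions that change state, mirroring the SIEM query above.
STATE_CHANGING = {"create", "modify", "delete"}

# Constructed sample log lines in an assumed key=value layout.
SAMPLE_LOG = """\
2024-11-20T10:00:01Z user=alice action=view referrer=https://applinx.example/app
2024-11-20T10:00:05Z user=alice action=modify referrer=https://applinx.example/app/settings
2024-11-20T10:01:02Z user=admin action=create referrer=https://evil.example/lure.html
2024-11-20T10:01:03Z user=admin action=modify referrer=-
2024-11-20T10:02:00Z user=bob action=delete referrer=https://applinx.example/app/users
2024-11-20T10:02:10Z user=bob action=delete referrer=https://news.example/article
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) referrer=(?P<ref>\S+)$"
)


def parse(log_text):
    """Turn the raw log into a list of dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def referrer_host(ref):
    """Return the referrer hostname, or None when the log recorded no referrer."""
    if ref in ("-", ""):
        return None
    return urlsplit(ref).hostname


def find_suspicious(events, trusted=TRUSTED_HOSTS):
    """Apply the page's indicators and return a list of (ts, user, action, reason).

    A missing referrer is reported but is the weakest signal: a strict
    Referrer-Policy on legitimate pages also suppresses it, so treat it as
    low severity and corroborate with the token check on the server.
    """
    findings = []
    hosts_by_user = defaultdict(set)
    for e in events:
        if e["action"] not in STATE_CHANGING:
            continue
        host = referrer_host(e["ref"])
        hosts_by_user[e["user"]].add(host)
        if host is None:
            findings.append((e["ts"], e["user"], e["action"], "missing referrer"))
        elif host not in trusted:
            findings.append((e["ts"], e["user"], e["action"], f"external referrer {host}"))
    # Same user performing state changes from several referrer hosts.
    for user, hosts in hosts_by_user.items():
        if len(hosts) > 1:
            findings.append(("-", user, "*", "state changes with multiple referrers"))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(parse(SAMPLE_LOG)):
        print(finding)
```

Pointing this at real logs means adjusting LINE_RE to the actual layout and the trusted set to every hostname users legitimately reach the application through; an external referrer on a create/modify/delete action is the finding worth triaging first.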
