CVE-2024-52896

6.2 MEDIUM

📋 TL;DR

IBM MQ web console versions 9.2-9.4 can leak sensitive technical error information to remote attackers. This information disclosure vulnerability affects organizations using IBM MQ's web-based management interface. Attackers can exploit this to gather internal system details that could facilitate further attacks.

💻 Affected Systems

Products:
  • IBM MQ
Versions: 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the web console component, not the core MQ messaging functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain detailed system information, configuration details, or internal error messages that reveal architecture, software versions, or potential attack vectors for follow-on exploitation.

🟠 Likely Case

Attackers gather technical details about the IBM MQ environment that could help them plan more targeted attacks or understand system architecture.

🟢 If Mitigated

Limited information leakage with no direct system compromise, though some technical details may still be exposed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires triggering error conditions in the web console, which may be done through malformed requests or other means.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fix packs as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7179152

Restart Required: Yes

Instructions:

1. Review the IBM advisory for the specific fix pack versions.
2. Download the appropriate fix pack from IBM Fix Central.
3. Apply the fix pack following IBM installation procedures.
4. Restart IBM MQ services.

🔧 Temporary Workarounds

Disable Web Console

Platforms: all

Temporarily disable the IBM MQ web console if not required for operations

Stop the web console service or disable its startup

Restrict Network Access

Platforms: all

Limit web console access to trusted networks only

Configure firewall rules to restrict access to the web console port (typically 9443)

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the IBM MQ web console from untrusted networks
  • Deploy a web application firewall (WAF) with rules to detect and block error disclosure patterns

🔍 How to Verify

Check if Vulnerable:

Check IBM MQ version and installed fix packs against advisory requirements

Check Version:

dspmqver (the same command is used on Windows)

Verify Fix Applied:

Verify fix pack installation and test web console error responses no longer contain sensitive details

📡 Detection & Monitoring

Log Indicators:

  • Unusual error messages in web console logs
  • Multiple failed requests triggering error responses

Network Indicators:

  • Unusual traffic patterns to web console error endpoints
  • External IPs accessing error-related URLs

SIEM Query:

source="ibm_mq_web_console" AND (message="*error*" OR message="*exception*")
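
The log and network indicators above (repeated error responses, error traffic from external addresses) can be checked offline against exported access logs. The following is an added example, not IBM's or this page's own tooling; the log layout, the trusted network range, the threshold and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed access-log layout: host user [time] "request" status bytes
LINE = re.compile(r'^(?P<host>\S+) \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+$')
TRUSTED = [ipaddress.ip_network("10.20.0.0/16")]  # assumed admin network
THRESHOLD = 3  # assumed: error responses per source before flagging

# Constructed sample lines, not real log data.
SAMPLE = """\
10.20.4.7 admin [12/Jan/2025:09:00:01 +0000] "GET /ibmmq/console/ HTTP/1.1" 200 5120
203.0.113.50 - [12/Jan/2025:09:01:10 +0000] "GET /ibmmq/console/a HTTP/1.1" 500 812
203.0.113.50 - [12/Jan/2025:09:01:11 +0000] "GET /ibmmq/console/b HTTP/1.1" 500 812
203.0.113.50 - [12/Jan/2025:09:01:12 +0000] "GET /ibmmq/console/c HTTP/1.1" 400 640
10.20.4.7 admin [12/Jan/2025:09:02:00 +0000] "GET /ibmmq/console/d HTTP/1.1" 500 812
198.51.100.9 - [12/Jan/2025:09:03:00 +0000] "GET /ibmmq/console/e HTTP/1.1" 404 300
truncated line without the expected fields
"""


def is_trusted(host):
    """True only for IP literals inside a trusted network."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname or garbage: treat as untrusted
    return any(addr in net for net in TRUSTED)


def error_sources(lines, threshold=THRESHOLD):
    """Return ({source: error_count}, unparsed_line_count) for untrusted sources."""
    errors, unparsed = Counter(), 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            unparsed += 1  # count, do not silently drop, unreadable lines
            continue
        if int(m["status"]) >= 400 and not is_trusted(m["host"]):
            errors[m["host"]] += 1
    flagged = {h: n for h, n in errors.items() if n >= threshold}
    return flagged, unparsed


if __name__ == "__main__":
    print(error_sources(SAMPLE.splitlines()))
```

A non-zero unparsed count means the assumed layout does not match the real log format and the pattern needs adjusting before the results can be trusted.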
