CVE-2024-54173

4.7 MEDIUM

📋 TL;DR

IBM MQ versions 9.3 and 9.4 expose sensitive information in trace files when webconsole trace is enabled. This information disclosure vulnerability allows local users to read potentially sensitive data from these files. Only systems with webconsole trace enabled are affected.

💻 Affected Systems

Products:
  • IBM MQ
Versions: 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
Operating Systems: All supported platforms
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when webconsole trace is enabled. Default configuration does not have this enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attackers could extract credentials, configuration secrets, or other sensitive data from trace files, potentially enabling further system compromise.

🟠 Likely Case

Local users with access to trace files could read configuration details or other non-critical sensitive information.

🟢 If Mitigated

With proper access controls and trace disabled, the vulnerability has minimal impact.

🌐 Internet-Facing: LOW - This requires local access to the system, not remote exploitation.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to gather sensitive information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system and read access to trace files. No authentication bypass needed beyond local file access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply interim fix or upgrade to fixed versions as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7183370

Restart Required: Yes

Instructions:

1. Review the IBM advisory for the specific fix versions.
2. Apply the interim fix or upgrade to a patched version.
3. Restart IBM MQ services.
4. Verify trace functionality if needed.

🔧 Temporary Workarounds

Disable webconsole trace
Platform: all
Turn off webconsole trace functionality so that sensitive information is no longer written to trace files:

  mqsc -n -s QMGR_NAME
  ALTER QMGR TRACE(CONSOLE=OFF)

Restrict trace file permissions
Platform: linux
Set strict file permissions on trace directories to prevent unauthorized local access:

  chmod 700 /var/mqm/trace/
  chown mqm:mqm /var/mqm/trace/

🧯 If You Can't Patch

  • Disable webconsole trace functionality immediately
  • Implement strict file system permissions on trace directories and monitor access
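The permission workaround above only helps if it actually holds on every file in the trace directory, so an audit is worth scripting. The following is an added example for this page, not IBM's code: it walks a trace directory, reports anything readable by group or other, and optionally reports files not owned by the expected service account. The demo tree built by build_demo_tree(), its file names and the expected owner are constructed for illustration; run audit_trace_dir() against the real directory (for example /var/mqm/trace) with expected_owner="mqm" on a system you administer.

```python
"""Audit an IBM MQ trace directory for files readable by anyone but the owner.

Added example for this advisory page, not IBM's code. The demo directory, its
file names and the expected owner are constructed; point audit_trace_dir() at
the real trace directory on a system you administer.
"""
import os
import pwd
import stat
import tempfile

# Permission bits that let users other than the owner read a file or list a directory.
GROUP_OR_OTHER_READ = stat.S_IRGRP | stat.S_IROTH


def _owner_name(st):
    # Resolve the numeric uid to an account name; fall back to the uid if unknown.
    try:
        return pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        return str(st.st_uid)


def _check(path, st, expected_owner, findings, what):
    # Record over-permissive mode and (optionally) unexpected ownership for one entry.
    if st.st_mode & GROUP_OR_OTHER_READ:
        findings.append((path, "%s is readable by group/other (mode %o)" % (what, st.st_mode & 0o777)))
    if expected_owner and _owner_name(st) != expected_owner:
        findings.append((path, "owned by %s, expected %s" % (_owner_name(st), expected_owner)))


def audit_trace_dir(path, expected_owner=None):
    """Return a list of (path, finding) pairs for the directory and every regular file in it."""
    findings = []
    _check(path, os.stat(path), expected_owner, findings, "directory")
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            fst = os.lstat(full)
            if stat.S_ISLNK(fst.st_mode):
                continue  # do not follow links that point outside the trace tree
            _check(full, fst, expected_owner, findings, "file")
    return findings


def build_demo_tree():
    """Build a constructed trace directory: one locked-down file and one world-readable file."""
    base = tempfile.mkdtemp(prefix="mqtrace-demo-")  # created with mode 0700
    safe = os.path.join(base, "AMQ12345.0.TRC")      # constructed file name
    leaky = os.path.join(base, "mqweb.0.TRC")         # constructed file name
    for p in (safe, leaky):
        with open(p, "w") as fh:
            fh.write("constructed trace content\n")
    os.chmod(safe, 0o600)
    os.chmod(leaky, 0o644)  # world-readable: the condition the chmod workaround removes
    return base, safe, leaky


if __name__ == "__main__":
    demo_base, _safe, _leaky = build_demo_tree()
    for p, finding in audit_trace_dir(demo_base, expected_owner="mqm"):
        print(f"{p}: {finding}")
```

Run it with expected_owner set to the account that owns the queue manager and treat every line of output as a deviation from the "chmod 700 / chown mqm:mqm" state the workaround establishes.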

🔍 How to Verify

Check if Vulnerable:

Check whether webconsole trace is enabled using the 'dspmqtrc' command, or examine the MQ configuration.

Check Version:

dspmqver

Verify Fix Applied:

Verify that trace files no longer contain sensitive information, and check the applied fix version.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to trace file directories
  • Trace files containing unexpected sensitive data

Network Indicators:

  • N/A - local file access only

SIEM Query:

EventID=4663 AND ObjectName LIKE '%trace%' AND AccessMask=0x1
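The SIEM query above is the shape of the detection; the following added example (not IBM's or any SIEM vendor's code) shows the same logic run over a few constructed Windows Security event 4663 records, with two generalizations a practitioner would want: the AccessMask is tested as a bitmask (a real read often arrives as a combined value such as 0x20089 rather than exactly 0x1), and reads by the accounts expected to touch trace files are suppressed. The key=value record layout, the file paths and the allowlist names (mqm, MQ-SVC$) are assumptions; adapt parse_event() and ALLOWED_SUBJECTS to your collector and environment.

```python
"""Flag reads of IBM MQ trace files in Windows Security event 4663 records.

Added example for this advisory, not IBM's or any SIEM vendor's code. The log
lines are constructed; the key=value layout, paths and allowlist are assumptions.
"""
import re

READ_DATA = 0x1  # ACCESS_MASK bit for ReadData / ListDirectory in event 4663

# Accounts expected to read trace files (queue manager service account, MQ service).
ALLOWED_SUBJECTS = {"mqm", "MQ-SVC$"}

# Constructed sample records in a flattened key=value form.
SAMPLE_EVENTS = [
    'EventID=4663 SubjectUserName=mqm ObjectName="C:\\ProgramData\\IBM\\MQ\\trace\\mqweb.0.TRC" AccessMask=0x2',
    'EventID=4663 SubjectUserName=alice ObjectName="C:\\ProgramData\\IBM\\MQ\\trace\\mqweb.0.TRC" AccessMask=0x1',
    'EventID=4663 SubjectUserName=bob ObjectName="C:\\ProgramData\\IBM\\MQ\\trace\\AMQ1234.0.TRC" AccessMask=0x20089',
    'EventID=4663 SubjectUserName=alice ObjectName="C:\\Users\\alice\\notes.txt" AccessMask=0x1',
    'EventID=4656 SubjectUserName=carol ObjectName="C:\\ProgramData\\IBM\\MQ\\trace\\mqweb.1.TRC" AccessMask=0x1',
    'EventID=4663 SubjectUserName=MQ-SVC$ ObjectName="C:\\ProgramData\\IBM\\MQ\\trace\\mqweb.1.TRC" AccessMask=0x1',
]

# key=value pairs; a value is either a double-quoted string (may contain spaces) or a bare token.
_KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_event(line):
    """Parse one key=value record into a dict, stripping quotes from quoted values."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(2))
            for m in _KV.finditer(line)}


def is_trace_read(event):
    """True when a 4663 record reports ReadData access to an object under a trace path."""
    if event.get("EventID") != "4663":
        return False
    if "trace" not in event.get("ObjectName", "").lower():
        return False
    try:
        mask = int(event.get("AccessMask", "0"), 16)
    except ValueError:
        return False
    return bool(mask & READ_DATA)  # bit test, so combined masks like 0x20089 also match


def find_suspicious_reads(lines, allowed=ALLOWED_SUBJECTS):
    """Return (user, object) pairs for trace-file reads by accounts outside the allowlist."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_trace_read(ev) and ev.get("SubjectUserName") not in allowed:
            hits.append((ev["SubjectUserName"], ev["ObjectName"]))
    return hits


if __name__ == "__main__":
    for user, obj in find_suspicious_reads(SAMPLE_EVENTS):
        print(f"trace file read by {user}: {obj}")
```

On the sample records this reports alice (exact 0x1 mask) and bob (combined mask with the ReadData bit set), while the service-account read, the write-only access, the non-trace file and the 4656 handle-request event are all ignored. Object access auditing must be enabled on the trace directory for 4663 events to be generated at all.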
