CVE-2025-36351
📋 TL;DR
This vulnerability in IBM License Metric Tool allows authenticated users to bypass access controls in the REST API interface, enabling unauthorized actions. It affects organizations running IBM License Metric Tool versions 9.2.0 through 9.2.40. The issue stems from improper access control (CWE-284) in the API implementation.
💻 Affected Systems
- IBM License Metric Tool
⚠️ Risk & Real-World Impact
Worst Case
An authenticated malicious insider could perform administrative actions, modify license data, or access sensitive system information beyond their authorized permissions.
Likely Case
Authenticated users could view or modify license metrics, configuration data, or perform actions they shouldn't have access to, potentially affecting license compliance reporting.
If Mitigated
With proper network segmentation and strict access controls, the impact is limited to authorized users within the administrative network segment.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of the REST API endpoints. No public exploit code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.2.41 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7246534
Restart Required: No
Instructions:
1. Download IBM License Metric Tool version 9.2.41 or later from IBM Fix Central.
2. Follow IBM's upgrade documentation for your specific deployment.
3. Verify the upgrade completed successfully.
🔧 Temporary Workarounds
Restrict API Access
Implement network-level restrictions to limit access to the REST API interface to only authorized administrative systems.
Enhanced Monitoring
Implement detailed logging and monitoring of all REST API access attempts and administrative actions.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the IBM License Metric Tool from general user networks
- Apply principle of least privilege to all user accounts with access to the system
🔍 How to Verify
Check if Vulnerable:
Check the IBM License Metric Tool version via the web interface or by examining installation files. Versions 9.2.0 through 9.2.40 are vulnerable.
Check Version:
Check the version in the web interface at https://[server]:[port]/ibm/console or examine the installation directory for version files.
Verify Fix Applied:
After upgrading, verify the version shows 9.2.41 or later in the web interface or about dialog.
📡 Detection & Monitoring
Log Indicators:
- Unusual REST API access patterns
- Users performing actions outside their normal role
- Failed access control checks in application logs
Network Indicators:
- Unusual API calls to administrative endpoints
- Traffic to REST API from unauthorized IP addresses
SIEM Query:
source="ibm_license_tool" AND ((event_type="api_access" AND user_role!="admin") OR event_type="access_denied")
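As an added example (not part of the original advisory, and not IBM's code), the logic of the SIEM query above applied to a handful of constructed key=value log lines: the source filter is applied first and the two alternatives are OR-ed inside it, so the result does not depend on how a given query language ranks AND against OR. The field names follow the query; the line format, user names and timestamps are assumptions, and the real product log format will differ.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample log lines (not real IBM License Metric Tool output). The
# key=value layout and the field names mirror the SIEM query above; adapt
# parse_line() to the actual log source before use.
SAMPLE_LOGS = [
    'ts=2025-06-01T10:00:01Z source="ibm_license_tool" event_type="api_access" user="alice" user_role="admin"',
    'ts=2025-06-01T10:00:05Z source="ibm_license_tool" event_type="api_access" user="bob" user_role="viewer"',
    'ts=2025-06-01T10:00:09Z source="ibm_license_tool" event_type="access_denied" user="carol" user_role="viewer"',
    'ts=2025-06-01T10:00:12Z source="other_app" event_type="access_denied" user="dave" user_role="viewer"',
    'ts=2025-06-01T10:00:15Z source="ibm_license_tool" event_type="login" user="bob" user_role="viewer"',
    'ts=2025-06-01T10:00:20Z source="ibm_license_tool" event_type="access_denied" user="carol" user_role="viewer"',
]

# Matches key=value pairs; values are either double-quoted or a bare token.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> Dict[str, str]:
    """Split one key=value line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def matches_query(ev: Dict[str, str]) -> bool:
    """The SIEM query with its grouping made explicit: events from the LMT
    source that are either REST API access by a non-admin role or an
    access-control denial."""
    if ev.get("source") != "ibm_license_tool":
        return False
    non_admin_api = ev.get("event_type") == "api_access" and ev.get("user_role") != "admin"
    denied = ev.get("event_type") == "access_denied"
    return non_admin_api or denied


def flag_events(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the parsed events that the query would surface, in log order."""
    return [ev for ev in map(parse_line, lines) if matches_query(ev)]


def denials_per_user(lines: Iterable[str]) -> Dict[str, int]:
    """Count access_denied events per user for the LMT source; an account
    that repeatedly trips access-control checks deserves a closer look."""
    counts = Counter()
    for ev in map(parse_line, lines):
        if ev.get("source") == "ibm_license_tool" and ev.get("event_type") == "access_denied":
            counts[ev.get("user", "?")] += 1
    return dict(counts)
```

Running `flag_events(SAMPLE_LOGS)` on the constructed lines surfaces bob's non-admin API call and both of carol's denials, while dave's denial is dropped because it comes from another source.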