IBM App Connect Enterprise and IBM Integration Bus for z/OS update for Apache Kafka Clients

1) Information disclosure

EUVDB-ID: #VU100780

Risk: Medium

CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-31141

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to the way Apache Kafka Clients handles custom configurations. A remote user with access to REST API can read arbitrary files and variables on the system and escalate their privileges filesystem/environment access.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Integration Bus for z/OS: 10.1.0.0 - 10.1.0.5

IBM App Connect Enterprise: 12.0.1.0 - 12.0.12.7

CPE2.3

• cpe:2.3:a:ibm_corporation:integration_bus_for_z_os:10.1.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:integration_bus_for_z_os:10.1.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:integration_bus_for_z_os:10.1.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_app_connect_enterprise:12.0.2.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_app_connect_enterprise:12.0.3.0:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/7184106

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.