Serious security vulnerabilities threaten IBM AIX server operating system

Attackers can use two vulnerabilities in IBM AIX to compromise servers. There are also updates for IBM License Metric Tool v9.

IBM AIX and License Metric Tool v9 are vulnerable. Malicious code attacks on servers are conceivable. Security updates are available for download.

In a security bulletin, IBM's developers state that they have closed two “critical” vulnerabilities (CVE-2024-56346, CVE-2024-56347) in the AIX server operating system. Attackers can exploit both vulnerabilities to execute malicious code. So far, there have been no reports of attacks, but admins should not delay too long in installing the patches. AIX versions 7.2 and 7.3 are specifically affected. The developers list the security patches in the bulletin.

One of these vulnerabilities has a CVSS score of 10 out of 10. Due to insufficient checks in the context of the NIM master service, attackers can remotely push and execute malicious code on servers in an unspecified way to take control of systems. In the second case, the weakness lies in the SSL/TLS protection mechanism of the nimsh service.

According to an article, IBM License Metric Tool v9 can be attacked via several security vulnerabilities. Among other things, attackers can paralyze computers via DoS attacks (CVE-2024-45296, “high”) or view and manipulate data without authorization (CVE-2024-21235, “medium”). The developers have closed a total of twelve vulnerabilities.

To secure systems, admins must install IBM License Metric Tool 9.2.39 according to these instructions. In this case, too, there are no indications of attacks so far.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.