A critical vulnerability, identified as CVE-2024-49820, has been found in IBM Security Guardium Key Lifecycle Manager (SKLM) versions 4.1, 4.1.1, 4.2, and 4.2.1. Because the product fails to properly enable HTTP Strict Transport Security (HSTS), a remote attacker could obtain sensitive information using Man-in-the-Middle (MITM) techniques, that is, by intercepting the data transmitted between clients and the server.

Here is a simple code snippet using Python to demonstrate how this vulnerability could be detected:

import requests

# Replace with the address and port of the SKLM server being checked.
url = "https://YOUR-SKLM-SERVER-IP:YOUR-SKLM-SERVER-PORT/"

# Fetch the page over HTTPS; HSTS is only meaningful on a TLS response.
response = requests.get(url, timeout=10)

# requests exposes headers as a case-insensitive mapping, so the
# lowercase name matches however the server capitalises it.
if "strict-transport-security" not in response.headers:
    print("Vulnerable to CVE-2024-49820")
else:
    print("Not vulnerable")

Replace "YOUR-SKLM-SERVER-IP" and "YOUR-SKLM-SERVER-PORT" with the IP address and port number of your SKLM server, respectively.

Exploit Details

The exploit relies on a MITM attack, in which the attacker is positioned between the client and the server. Because the server never sends an HSTS policy, clients are never instructed to insist on HTTPS for this host, so an attacker in that position can keep a connection on plain HTTP (or downgrade it before TLS is established) and read, and potentially alter, data that should have been protected by HTTPS. This is how remote attackers can obtain sensitive information and tamper with data in transit.

References

1. NIST National Vulnerability Database (NVD): CVE-2024-49820
   Link: https://nvd.nist.gov/vuln/detail/CVE-2024-49820

2. IBM Security Bulletin: Vulnerability in IBM Security Guardium Key Lifecycle Manager (SKLM) affects IBM Security Guardium and IBM Security Key Lifecycle Manager
   Link: https://www.ibm.com/support/pages/node/6683056

3. MITRE: CVE-2024-49820 Detail
   Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49820

Possible Mitigation Strategies

IBM has provided fixes for the affected SKLM versions, which are available in the software updates. It is strongly recommended that users update their affected systems as soon as possible.

IBM Security Guardium Key Lifecycle Manager version 4.2.1 – Update to version 4.2.1.1

Until an update can be applied, system administrators can implement HSTS manually by adding the Strict-Transport-Security header to the server configuration. Here's an example for Apache HTTP server (mod_headers must be loaded):

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

Two points to keep in mind: browsers only honour the header when it arrives over HTTPS (it is ignored on a plain-HTTP response), so it must be set in the TLS virtual host, and the preload directive is a commitment to the browser preload lists that should only be added once every subdomain is served over HTTPS. A shorter max-age is safer for a first rollout and can be raised once the policy is confirmed to work.
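The presence-only check earlier in this post tells you whether the header exists, but not whether it is useful, and the same question arises after applying the workaround above: is the header being sent over HTTPS with a sensible max-age? The following is an added example, not code from the original post or from IBM, that parses the Strict-Transport-Security value as defined in RFC 6797 and reports weaknesses. The sample responses are constructed, and the host name in the live-check placeholder is an assumption to be replaced with your own server.

```python
"""Assess an HTTP response's Strict-Transport-Security (HSTS) header.

Added example (not from the original post or from IBM). The SAMPLES dict
is constructed test data; the URL in the live check is a placeholder.
"""
import urllib.request
from typing import Dict, List, Optional

# One year in seconds; shorter values leave a window once the policy expires.
RECOMMENDED_MIN_MAX_AGE = 31536000


def parse_hsts(value: str) -> Dict[str, Optional[str]]:
    """Parse an HSTS header value into a directive -> value map.

    Directive names are case-insensitive (RFC 6797 section 6.1). A repeated
    directive violates the spec, so the first occurrence wins and the
    duplicate name is recorded under the synthetic key '_duplicate'.
    """
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"') if sep else None
        if name in directives:
            directives.setdefault("_duplicate", name)
            continue
        directives[name] = val
    return directives


def assess_hsts(headers: Dict[str, str], over_https: bool = True) -> List[str]:
    """Return a list of findings for a response's headers; empty means OK.

    `headers` is a plain dict; lookup is case-insensitive, as header names are.
    `over_https` records whether the response came from the TLS listener.
    """
    findings: List[str] = []
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        findings.append("HSTS header missing (CVE-2024-49820 condition)")
        return findings
    if not over_https:
        # Browsers ignore HSTS received over plain HTTP (RFC 6797 section 8.1),
        # so a header seen only on the HTTP listener gives no protection.
        findings.append("HSTS header delivered over HTTP is ignored by clients")
    d = parse_hsts(value)
    if "_duplicate" in d:
        findings.append(f"duplicate directive: {d['_duplicate']}")
    max_age = d.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("max-age directive missing or not an integer")
    elif int(max_age) == 0:
        findings.append("max-age=0 disables HSTS")
    elif int(max_age) < RECOMMENDED_MIN_MAX_AGE:
        findings.append(f"max-age {max_age} is below one year")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set; subdomains remain downgradable")
    return findings


def fetch_headers(url: str, timeout: float = 10.0) -> Dict[str, str]:
    """Issue a HEAD request and return the response headers (live check)."""
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items())


# Constructed sample responses, as a server's TLS listener might return them.
SAMPLES = {
    "missing": {"Content-Type": "text/html"},
    "weak": {"Strict-Transport-Security": "max-age=300"},
    "good": {"Strict-Transport-Security":
             "max-age=31536000; includeSubDomains; preload"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, assess_hsts(hdrs) or ["OK"])
    # Live check against a real server (placeholder host, assumption):
    # print(assess_hsts(fetch_headers("https://YOUR-SKLM-SERVER-IP:PORT/")))
```

Run it as-is to see the three constructed cases scored; uncomment the last line with your own server's address to check a live listener. Checking the plain-HTTP listener with over_https=False is deliberate: a header that appears there but not on the TLS port is a misconfiguration the presence-only check would report as fixed.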

Conclusion

CVE-2024-49820 is a critical vulnerability that exposes sensitive information to remote attackers through the lack of proper HSTS. It affects IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2, and 4.2.1. Users must update their software to the latest versions and ensure that HSTS is properly enabled to mitigate the risks associated with this vulnerability.

Timeline

Published on: 12/17/2024 18:15:24 UTC