Protect Your Networker Database Backups – Update to the Latest Version Now!

CVECVE-2024-22432
CVSScvssV3_1: 7.8
SourceCVE-2024-22432

Networker from IBM is a popular data protection software used by many organizations to backup critical databases and applications. Unfortunately, a vulnerability has been discovered in versions 19.9 and below that could allow attackers to steal database credentials stored in temporary configuration files during backups.

The vulnerability arises because plaintext passwords for databases like MySQL are stored unencrypted in temporary config files while backups are running. An attacker with low level access to the system where Networker client is installed could potentially access these files and view the database credentials.

With the stolen credentials, attackers would then be able to directly access the organization’s database servers and applications. They could view, modify or delete sensitive data depending on the privileges of the compromised account. This poses a huge risk to confidentiality, integrity and availability of business critical systems.

The good news is IBM has released updates to fix this issue. Organizations currently using Networker 19.9 or earlier should immediately update to the latest version. Admins are also advised to review database access controls and consider hashing or encrypting credentials as an additional security measure. Keeping systems patched and credentials secure is key to prevent attacks like this in future.

References