CRITICAL🇵🇱 Wersja polska

CVE-2024-56346

CVSS 10.0v3.1pub. 2025-03-18upd. 2025-07-25

IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.

🤖 AI Analysis
How it works

The vulnerability results from improper process control (CWE-114) in the nimesis service handling NIM master. An attacker can remotely, without authentication and without any user interaction, send a specially crafted request to the vulnerable service. Improper process control allows the attacker to execute arbitrary commands in the context of this service.

Impact

An attacker can gain full control over the system — obtain unauthorized access to data, modify or destroy system resources, and disrupt service availability (complete threat to confidentiality, integrity, and availability).

Mitigation & patch

Apply patches available from the vendor according to references: https://www.ibm.com/support/pages/node/7186621. Additionally, until the fix is implemented, it is recommended to restrict network access to the nimesis service only to trusted hosts using a firewall or ACL lists.

Who is affected

IBM AIX versions 7.2 and 7.3 with the nimesis service (NIM master) running.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • IBM Aix

    OS
    Ibm
    7.27.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-36096CRITICAL9.0PL ✓ten sam produkt

IBM AIX/VIOS: Niebezpieczne przechowywanie kluczy prywatnych NIM

CVE-2025-36251CRITICAL9.6PL ✓ten sam produkt

IBM AIX / VIOS nimsh — RCE przez wadliwą implementację SSL/TLS

CVE-2025-36250CRITICAL10.0PL ✓ten sam produkt

RCE w IBM AIX/VIOS: błąd kontroli procesów w usłudze NIM server (nimesis)

CVE-2025-36038CRITICAL9.0PL ✓ten sam produkt

RCE w IBM WebSphere Application Server przez niebezpieczną deserializację

CVE-2024-56347CRITICAL9.6PL ✓ten sam produkt

IBM AIX: RCE przez błędne mechanizmy kontroli procesów w usłudze nimsh (SSL/TLS)