IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler software that allows user credentials to be stored in plain text.

This issue, identified as CVE-2024-49351, could enable local users to access sensitive information such as passwords, posing a significant security risk in affected systems.

Details of the Vulnerability

The vulnerability (CVE-2024-49351) specifically involves the plaintext storage of user credentials, classified under CWE-256: Plaintext Storage of a Password.

This means passwords are not being encrypted or adequately secured, leaving them exposed to local users with access to the system where IBM Workload Scheduler is installed.

The vulnerability is assigned a CVSS Base Score of 5.5, categorizing it as medium severity. According to the CVSS vector, the attack vector is local, meaning an attacker must have physical or network access to the affected system.

The attack complexity is low, indicating that the exploit does not ...