Critical Alert: IBM AIX Users Urged to Patch Immediately Due to Severe Security Vulnerabilities
21 March 2025 - 2 Minute Read
IBM recently disclosed two critical vulnerabilities in its widely used AIX operating system, commonly deployed in mission-critical environments across industries such as finance, healthcare, telecommunications, and large-scale data centres.
What Are the Vulnerabilities?
- CVE-2024-56346 (Severity 10.0)
This vulnerability affects AIX’s Network Installation Management (NIM) master service (nimesis). Due to improper process controls, attackers can remotely execute arbitrary commands without user interaction, posing significant risk to system integrity and data security.
- CVE-2024-56347 (Severity 9.6)
Targeting the nimsh service’s SSL/TLS protection, this vulnerability also allows remote attackers to execute commands but requires some level of user interaction.
Why Should You Be Concerned?
Given that AIX systems are integral to critical business operations, an exploit could have severe consequences, including:
- Unauthorised access and theft of sensitive data.
- Deployment of ransomware, causing significant operational disruptions.
- Corruption of vital backups and implantation of persistent backdoors.
These vulnerabilities have low complexity and can be exploited remotely, greatly amplifying their risk potential. With a severity rating of 10 out of 10 for CVE-2024-56346, the urgency to patch affected systems cannot be overstated.
Who is Affected?
Organisations running IBM AIX versions 7.2 and 7.3 are directly affected. AIX is trusted by approximately 9,000 organisations worldwide for high-value applications, making this a widely impactful issue.
Recommended Actions:
Baby Blue IT Consultancy strongly advises the following immediate actions:
- Patch Immediately: Apply IBM’s official patches to AIX systems without delay.
- Review System Configurations: Ensure robust security settings and monitoring are in place for network installation services.
- Continuous Monitoring: Stay informed by regularly reviewing IBM’s security updates and recommendations.
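To decide which hosts to patch first, the sketch below ranks a host by its AIX release and by whether the nimesis or nimsh subsystem is active. It is an added example, not code from IBM or from this article; the function names, verdict labels and sample command output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the advisory: rank one AIX host for NIM exposure
# from the text of `oslevel -s` and `lssrc -a`.

# Constructed sample of `lssrc -a` output (not taken from a real host).
SAMPLE_LSSRC='Subsystem         Group            PID          Status
 sshd             ssh              4063546      active
 nimsh            nimclient        5439890      active
 nimesis          nim                           inoperative'

# "7200-05-03-2148" -> "7.2"; prints nothing if the string is not an oslevel.
aix_release() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9]\)\([0-9]\)00-[0-9][0-9]-[0-9][0-9]-[0-9]\{4\}$/\1.\2/p'
}

# Print the NIM services in state "active", tagged with the CVE the page
# ties to each one. The status is the last column, with or without a PID.
nim_active() {
    printf '%s\n' "$1" | awk '
        $NF != "active"  { next }
        $1 == "nimesis"  { print "nimesis:CVE-2024-56346" }
        $1 == "nimsh"    { print "nimsh:CVE-2024-56347" }
    ' | sort | tr '\n' ' ' | sed 's/ $//'
}

# One-line verdict. It cannot tell whether IBM's fix is already installed:
# the page gives no fix levels, so that check stays with the IBM bulletin.
nim_triage() {
    rel=$(aix_release "$1")
    svcs=$(nim_active "$2")
    case "$rel" in
        7.2|7.3) ;;
        "") echo "UNKNOWN: cannot parse oslevel '$1'"; return 0 ;;
        *)  echo "NOT_LISTED: AIX $rel is not a release this page names"; return 0 ;;
    esac
    if [ -n "$svcs" ]; then
        echo "PATCH_FIRST: AIX $rel, active: $svcs"
    else
        echo "PATCH: AIX $rel, no NIM service active"
    fi
}

nim_triage "7200-05-03-2148" "$SAMPLE_LSSRC"
```

On an AIX host the same function takes live input: `nim_triage "$(oslevel -s)" "$(lssrc -a)"`.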
How Baby Blue IT Consultancy Can Help:
If you're unsure about your organisation's vulnerability status or require expert guidance in applying patches safely and effectively, Baby Blue IT Consultancy is here to support you. Our team specialises in IBM systems, security best practices, and ongoing threat mitigation strategies.
Genuine IBM Maintenance – The Best Option:
The best way to ensure you have access to the latest patches and microcode updates is through genuine IBM maintenance. If you are currently with a Third-Party Maintenance (TPM) provider and concerned about the potential cost of switching back, talk to Baby Blue today. You might find that switching back to genuine IBM support could actually save your organisation money!
Protect your mission-critical systems today — contact Baby Blue IT Consultancy for immediate assistance.
About the Author

Chris Smith
Chris Smith is a sales leader and consultant with over 30 years of experience in IT managed services. With a background in IBM hardware maintenance, he transitioned from field engineer to sales and marketing director, creating the foundations for Blue Chip Cloud, which became the largest IBM Power Cloud globally at the time. Chris played a key role in the 2021 sale of Blue Chip and grew managed services revenue by 50%. He’s passionate about building customer relationships and has implemented Gap Selling by Keenan to drive sales performance. Now, Chris helps managed service providers and third-party maintenance businesses with growth planning and operational improvement.