## Summary
WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java. This affects IBM WebSphere Liberty used by IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs.
## Vulnerability Details
** CVEID: **[CVE-2022-37734]()
** DESCRIPTION: **GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request using Directive overloading, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235781]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
## Affected Products and Versions
Affected Product(s)| Version(s)
—|—
IBM CICS TX Advanced| 10.1
IBM CICS TX Advanced| 11.1
## Remediation/Fixes
IBM recommends you apply these fixes.
**Product**
| **VRMF**| **APAR**| **Remediation / First Fix**
—|—|—|—
IBM CICS TX Advanced| 10.1| Updated Liberty is shipped along with IFIX image and made available on Fix Central|
_Linux: [Fix Central Link]( “https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-docker-image-10.1.0.0-ifix13&source=SAR” )_
IBM CICS TX Advanced| 11.1| Updated Liberty is shipped along with IFIX image and made available on Fix Central|
_Linux: [Fix Central Link]( “https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix6&source=SAR ” )_
## Workarounds and Mitigations
None
References
Back to Main