Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery due to Apache CXF
Description

Summary

This security bulletin addresses the vulnerabilities in open source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager (CVE-2024-32007, CVE-2024-29736). IBM Tivoli Application Dependency Discovery Manager uses Apache CXF for its SOAP API and REST API implementation.

Vulnerability Details

CVEID: CVE-2024-32007
DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by improper input validation of the p2c parameter. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2024-29736
DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by improper validation of the WADL stylesheet parameter. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack.
CWE: CWE-918: Server-Side Request Forgery (SSRF)
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Application Dependency Discovery Manager | 7.3.0.0 - 7.3.0.11 |

Remediation/Fixes

For TADDM 7.3.0.8, 7.3.0.9, 7.3.0.10 and 7.3.0.11: the e-Fix in the table below can be downloaded and applied directly.
For TADDM 7.3.0.0 - 7.3.0.7: Please upgrade your…
