API Security Blog

Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Asset Management application (CVE-2024-40094)

Summary

There is a vulnerability in GraphQL Java used by the IBM Maximo Asset Management application (CVE-2024-40094).

Vulnerability Details

CVEID: CVE-2024-40094
DESCRIPTION: GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly account for ExecutableNormalizedFields (ENFs) in its denial-of-service protections. By sending introspection queries, a remote, unauthenticated attacker could exploit this vulnerability to cause a denial of service. Only availability is affected (the vector scores no confidentiality or integrity impact).
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Maximo Asset Management | 7.6.1.3

Remediation/Fixes

VRM | Fix Pack, Feature Pack, or Interim Fix | Download
---|---|---
7.6.1.3 | Maximo Asset Management 7.6.1.3 iFix: 7.6.1.3-TIV-MBS-IF025 or latest Interim Fix available | FixCentral

Workarounds and Mitigations…
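The bulletin's attack vector is introspection queries, so the first thing a practitioner assessing an unpatched Maximo instance wants to know is whether the GraphQL endpoint answers `__schema` introspection at all: if it does not, that vector is closed while the iFix is scheduled. The probe below is an added example written for this page; it is not IBM's code, not part of graphql-java, and not the content of IBM's truncated "Workarounds and Mitigations" section. The endpoint URL is whatever you are assessing (no Maximo-specific path is assumed), the sample responses are constructed, and the script only requests the schema; it makes no attempt to trigger the denial of service.

```python
"""Check whether a GraphQL endpoint answers schema introspection queries.

Added example for the CVE-2024-40094 bulletin; not IBM's or graphql-java's
code. Asks only for the schema, never attempts to trigger the DoS.
"""
import json
import urllib.error
import urllib.request
from typing import Any, Dict, Optional

# A deliberately small introspection query: enough to prove introspection
# is served, without pulling the whole schema.
INTROSPECTION_PROBE = """
query IntrospectionProbe {
  __schema {
    queryType { name }
    types { name }
  }
}
"""


def parse_introspection_response(body: bytes) -> Dict[str, Any]:
    """Interpret a GraphQL JSON response to INTROSPECTION_PROBE.

    Returns a dict with:
      enabled    - True if a __schema object came back under "data"
      type_count - number of schema types returned (0 if none)
      errors     - list of error messages the server returned
    Non-JSON bodies (login pages, WAF block pages) are reported as
    disabled with the parse failure recorded as an error, not raised.
    """
    try:
        doc = json.loads(body)
    except (ValueError, UnicodeDecodeError) as exc:
        return {"enabled": False, "type_count": 0,
                "errors": [f"non-JSON response: {exc}"]}

    errors = [e.get("message", "") for e in (doc.get("errors") or [])
              if isinstance(e, dict)]
    data = doc.get("data") or {}
    schema = data.get("__schema") if isinstance(data, dict) else None
    if not isinstance(schema, dict):
        return {"enabled": False, "type_count": 0, "errors": errors}

    types = schema.get("types") or []
    return {"enabled": True, "type_count": len(types), "errors": errors}


def probe_endpoint(url: str, headers: Optional[Dict[str, str]] = None,
                   timeout: float = 10.0) -> Dict[str, Any]:
    """POST the introspection probe to a GraphQL endpoint and parse the reply.

    `url` is the GraphQL endpoint under assessment (hypothetical here; no
    Maximo path is assumed). Extra headers, e.g. a session cookie, can be
    passed if the endpoint requires authentication before it talks GraphQL.
    """
    payload = json.dumps({"query": INTROSPECTION_PROBE}).encode()
    req_headers = {"Content-Type": "application/json",
                   "Accept": "application/json", **(headers or {})}
    req = urllib.request.Request(url, data=payload, headers=req_headers,
                                 method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_introspection_response(resp.read())
    except urllib.error.HTTPError as exc:
        # Many servers answer a rejected query with HTTP 400 plus a GraphQL
        # error body; parse it anyway so the refusal reason is reported.
        return parse_introspection_response(exc.read())


# Constructed sample responses (not captured from any real server) so the
# parser can be exercised offline.
SAMPLE_INTROSPECTION_ENABLED = json.dumps({
    "data": {"__schema": {"queryType": {"name": "Query"},
                          "types": [{"name": "Query"}, {"name": "Asset"},
                                    {"name": "String"}]}}
}).encode()

SAMPLE_INTROSPECTION_DISABLED = json.dumps({
    "data": None,
    "errors": [{"message": "Introspection is disabled on this endpoint"}],
}).encode()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe_endpoint(sys.argv[1]))          # live check against a URL
    else:
        print(parse_introspection_response(SAMPLE_INTROSPECTION_ENABLED))
        print(parse_introspection_response(SAMPLE_INTROSPECTION_DISABLED))
```

A `True` result means the introspection vector named in the bulletin is reachable from wherever the probe ran, and the iFix listed under Remediation/Fixes is the fix; a `False` result narrows exposure but is not a substitute for applying it.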
