Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, contains a vulnerability in the Google Protocol Buffers (protobuf) library with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) and Version(s)| Affecting Product(s) and Version(s) —|— IBM Cloud Pak for Applications 5.1 – 5.3 | IBM WebSphere Application Server Liberty 20.0.0.12 – 24.0.0.10 Remediation/Fixes IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH63533, as described in Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254). Workarounds and Mitigations…Read More