Summary IBM PowerVM Novalink is vulnerable because GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service. By using introspection queries, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service. By using introspection queries, a remote attacker could exploit this vulnerability to cause a denial of service. CWE:CWE-20: Improper Input Validation CVSS Source: IBM X-Force CVSS Base score: 5.3 CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Affected Products and Versions Affected Product(s)| Version(s) —|— PowerVM Novalink| 2.0.0.0 2.0.1 2.0.2 2.0.2.1 2.0.3 2.0.3.1 2.1.0 2.1.1 PowerVM Novalink| 2.2.0 2.2.1 2.2.1.1 PowerVM Novalink| 2.3.0 Remediation/Fixes Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading based on the table below. Product| Version| Remediation —|—|— PowerVM Novalink | 2.0.0.0 2.0.1 2.0.2 2.0.2.1 2.0.3 2.0.3.1 2.1.0 2.1.1 | Update to pvm-novalink-2.1.1-250103 or Update to pvm-novalink-2.2.1.1-250103 or Update to pvm-novalink-2.3.0-250103 PowerVM Novalink| 2.2.0 2.2.1 2.2.1.1 | Update to…Read More