Summary There is a vulnerability in GraphQL Java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service. By using introspection queries, a remote attacker could exploit this vulnerability to cause a denial of service. CWE:CWE-20: Improper Input Validation CVSS Source: IBM X-Force CVSS Base score: 5.3 CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM Maximo Application Suite – Manage Component| Manage 9.0 IBM Maximo Application Suite – Manage Component | Manage 8.7 IBM Maximo Application Suite – Manage Component | Manage 8.6 Remediation/Fixes For IBM Maximo Manage application in IBM Maximo Application Suite: MAS| Manage Patch Fix or Release —|— Upgrade to MAS 8.10.X| Upgrade to Manage 8.6.21 or latest (available from the Catalog under Update Available) Upgrade to MAS 8.11.X| Upgrade to Manage 8.7.15 or latest (available from the Catalog under Update Available) Upgrade to MAS 9.0.X| Upgrade to Manage 9.0.8 or latest (available from the Catalog under Update Available) Workarounds and Mitigations…Read More
References
Back to Main