Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2024-40094). An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service. By using introspection queries, a remote attacker could exploit this vulnerability to cause a denial of service. CWE:CWE-20: Improper Input Validation CVSS Source: IBM X-Force CVSS Base score: 5.3 CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM TXSeries for Multiplatforms| 8.1 IBM TXSeries for Multiplatforms| 8.2 IBM TXSeries for Multiplatforms| 9.1 IBM TXSeries for Multiplatforms| 10.1 Remediation/Fixes IBM strongly recommends addressing the vulnerabilities now by updating IBM TXSeries for Multiplatforms. Product| Version| Platform| Remediation/Fix —|—|—|— IBM TXSeries for Multiplatforms| 8.1 | Linux, AIX| PSIRT fixes for IBM TXSeries for Multiplatforms 8.1 will only be provided for extended support customers via request through Salesforce case. IBM TXSeries for Multiplatforms| 8.2 | Linux, AIX, Windows| PSIRT fixes for IBM TXSeries for Multiplatforms 8.2 will only be provided for extended support…Read More
References
Back to Main