Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow – CVE-2024-40094
Description

Summary

IBM WebSphere Application Server Liberty is shipped as a component of IBM Business Automation Workflow Process Federation Server and User Management Service. IBM WebSphere Application Server Liberty is also the foundation of many images in IBM Business Automation Workflow on Containers. IBM WebSphere Application Server Liberty is vulnerable to a denial of service attack.

Vulnerability Details

CVEID: CVE-2024-40094
DESCRIPTION: GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service. By using introspection queries, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) | Status |
|---|---|---|
| IBM Business Automation Workflow containers | V24.0.1; V24.0.0 - V24.0.0-IF003; earlier versions | affected |
| IBM Business Automation Workflow traditional | V24.0.1; V24.0.0; earlier versions | affected |

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Remediation/Fixes

| Affected Product(s) | Version(s) | Remediation / Fix |
|---|---|---|
| IBM Business Automation Workflow containers | V24.0.1 | Apply V24.0.1-IF001 |
| IBM Business Automation Workflow containers | V24.0.0 - … | |
