Summary IBM Storage Protect Operations Center may be affected by denial of service caused by failure to consider ExecutableNormalizedFields in Open-source GraphQL Java library used by IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service. By using introspection queries, a remote attacker could exploit this vulnerability to cause a denial of service. CWE:CWE-20: Improper Input Validation CVSS Source: IBM X-Force CVSS Base score: 5.3 CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM Storage Protect Operations Center| 8.1 Remediation/Fixes Affected Versions| Fixing Level| Platform| Link to Fix and Instructions —|—|—|— 8.1.0.000 – 8.1.25.xxx| 8.1.26| AIX, Linux, Windows| https://www.ibm.com/support/pages/node/588021 Workarounds and Mitigations…Read More