Lucene search

IBM5D9D17D668EF5DFCDA4DA43DA360D5CB8C99D183AD1419D104C0418623978C3B

HistorySep 17, 2024 - 8:56 a.m.

Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool.

2024-09-1708:56:59

www.ibm.com

ruby rexml

xml toolkit

ibm license metric tool

denial of service

vulnerability

upgrade

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

JSON

Summary

There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool.

Vulnerability Details

CVEID:CVE-2024-43398
**DESCRIPTION:**Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By using a specially crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/352148 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-41946
**DESCRIPTION:**Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/350318 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2024-41123
**DESCRIPTION:**Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted XML content contains many specific characters, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/350319 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2024-39908
**DESCRIPTION:**Ruby REXML is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298413 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM License Metric Tool	9.2.0 - 9.2.36

Remediation/Fixes

For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest ILMT Server version 9.2.37 or later using the following procedure:
<https://www.ibm.com/docs/en/license-metric-tool?topic=tool-upgrading-latest-version>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmlicense_metric_toolMatch9.2

VendorProductVersionCPE
ibmlicense_metric_tool9.2cpe:2.3:a:ibm:license_metric_tool:9.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	license_metric_tool	9.2	cpe:2.3:a:ibm:license_metric_tool:9.2:::::::*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

JSON

Related for 5D9D17D668EF5DFCDA4DA43DA360D5CB8C99D183AD1419D104C0418623978C3B