Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7018AE3C8FBB141A25130C3B06E26D07353245FDA3DFB61B9D8401E63D35F42C
HistoryMay 13, 2024 - 7:37 a.m.

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026)

2024-05-1307:37:13
www.ibm.com
5
ibm
engineering lifecycle
websphere application server
denial of service
vulnerability
memory resources
jazz foundation
test management
workflow management
global configuration management
requirements management doors next

6.3 Medium

AI Score

Confidence

High

JSON

Summary

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. The following IBM® Engineering Lifecycle Engineering products are exposed to this attack and are been addressed in this bulletin: Jazz Foundation, IBM Engineering Test Management, IBM Engineering Workflow Management, Global Configuration Management, IBM Engineering Requirements Management DOORS Next.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Engineering Workflow Management 7.0.2
Global Configuration Management
IBM Engineering Test Management
IBM Engineering Requirements Management DOORS Next
Jazz Foundation
IBM Engineering Workflow Management 7.0.3
Global Configuration Management
IBM Engineering Test Management
IBM Engineering Requirements Management DOORS Next
Jazz Foundation

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH59781.

If any of the mentioned affected product is deployed on one of the above versions, Please follow the instruction given in the following article.

Link: <https://www.ibm.com/support/pages/node/7149330&gt;

Workarounds and Mitigations

None

Related

ibm 14
nessus 1
cve 1
cvelist 1
ibm
ibm
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-25026)
2024-05-06 16:34:52
Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to a denial of service (CVE-2024-25026)
2024-05-09 03:54:40
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-25026)
2024-05-01 10:14:49
nessus
nessus
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.20 / Liberty 17.0.0.3 < 24.0.0.5 DoS (7149330)
2024-04-25 00:00:00
cve
cve
CVE-2024-25026
2024-04-25 13:15:51
cvelist
cvelist
CVE-2024-25026 IBM WebSphere Application Server denial of service
2024-04-25 12:16:24

6.3 Medium

AI Score

Confidence

High

JSON
Related for 7018AE3C8FBB141A25130C3B06E26D07353245FDA3DFB61B9D8401E63D35F42C
ibm14nessus1cve1cvelist1