Jun 24, 2024 - 1:11 p.m.

Security Bulletin: IBM DataPower Gateway is vulnerable to denial of service due to Golang Go

2024-06-24 13:11:51
www.ibm.com

AI Score: 7 (Confidence: High)

Summary

IBM DataPower Gateway is vulnerable to denial of service due to use of Golang Go in DataPower Operator and Prometheus Metrics (CVE-2024-24783).

Vulnerability Details

CVEID: CVE-2024-24783
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw in the crypto/x509 package when verifying a certificate chain. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause Certificate.Verify to panic, resulting in a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285303 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| DataPower Operator 1.8 | 1.8.0 - 1.8.1 |
| DataPower Operator 1.6 | 1.6.0 - 1.6.13 |
| DataPower Operator 1.7 | 1.7.0 - 1.7.2 |
| DataPower Operator 1.9 | 1.9.0 - 1.9.1 |
| IBM DataPower Gateway 10.5 CD | 10.5.1.0 - 10.5.4.0 |
| IBM DataPower Gateway 10.5.0 | 10.5.0.0 - 10.5.0.10 |
| IBM DataPower Gateway 10.0.1 | 10.0.1.0 - 10.0.1.18 |

Remediation/Fixes

| Affected Product(s) | Fixed in version | APAR |
| --- | --- | --- |
| DataPower Operator 1.6 | 1.6.14, 1.10.1 | IT45777 |
| DataPower Operator 1.7 | 1.11.0 | IT45777 |
| DataPower Operator 1.8 | 1.6.14, 1.10.1 | IT45777 |
| DataPower Operator 1.9 | 1.6.14, 1.10.1 | IT45777 |
| IBM DataPower Gateway 10.5 CD | 10.6.0.0 | IT45777 |
| IBM DataPower Gateway 10.5.0 | 10.5.0.11 | IT45777 |
| IBM DataPower Gateway 10.0.1 | 10.0.1.19 | IT45777 |

IBM strongly recommends addressing this vulnerability by upgrading to a fixed version.

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm datapower_gateway matches 10.0.1 OR 10.5.0 OR 10.5

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | datapower_gateway | 10.0.1 | `cpe:2.3:a:ibm:datapower_gateway:10.0.1:*:*:*:*:*:*:*` |
| ibm | datapower_gateway | 10.5.0 | `cpe:2.3:a:ibm:datapower_gateway:10.5.0:*:*:*:*:*:*:*` |
| ibm | datapower_gateway | 10.5 | `cpe:2.3:a:ibm:datapower_gateway:10.5:*:*:*:*:*:*:*` |
