Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9A2E41EA0EB39FA6A2D4209634C3920D20BE6FBF503F2C2B237E43797778D60C
HistorySep 09, 2024 - 8:18 a.m.

Security Bulletin: IBM Maximo Application Suite - Predict Component component usesidna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651

2024-09-0908:18:46
www.ibm.com
2
ibm maximo application suite
predict component
vulnerability
idna-3.6
cve-2024-3651
denial of service
cvss 6.2
system resources
fix 9.0.1

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

JSON

Summary

Security Bulletin: IBM Maximo Application Suite - Predict Component component usesidna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651

Vulnerability Details

CVEID:CVE-2024-3651
**DESCRIPTION:**idna could allow a local user to cause a denial of service using a specially crafted argument to the idna.encode() function and consume system resources.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289330 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Application Suite - Predict Component 9.0.0

Remediation/Fixes

Affected Product(s) Version(s)
IBM Maximo Application Suite - Predict Component 9.0.1

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximoMatch9.0.0
VendorProductVersionCPE
ibmmaximo9.0.0cpe:2.3:a:ibm:maximo:9.0.0:*:*:*:*:*:*:*

Related

mageia 1
fedora 6
nessus 41
osv 30
openvas 24
redhat 34
nvd 1
almalinux 3
cve 1
ubuntucve 1
ubuntu 1
cbl_mariner 2
redos 1
veracode 1
github 1
cvelist 1
vulnrichment 1
debian 1
cgr 1
rocky 2
oraclelinux 3
wolfi 1
alpinelinux 1
debiancve 1
redhatcve 1
ibm 6
mageia
mageia
Updated python-idna packages fix security vulnerability
2024-07-01 20:53:27
fedora
fedora
[SECURITY] Fedora 38 Update: python-idna-3.7-1.fc38
2024-05-04 02:19:59
[SECURITY] Fedora 39 Update: python-idna-3.7-1.fc39
2024-05-04 01:33:18
[SECURITY] Fedora 40 Update: python-idna-3.7-1.fc40
2024-04-29 01:13:18
nessus
nessus
Fedora 40 : python-idna (2024-098b5d9719)
2024-04-29 00:00:00
Fedora 38 : python-idna (2024-73644489ec)
2024-05-04 00:00:00
RHEL 8 : python-idna (RHSA-2024:3552)
2024-06-03 00:00:00
osv
osv
CGA-xpcj-g2x8-wcc9
2024-06-06 12:26:35
CGA-9fj4-pj3g-gm6q
2024-06-06 12:25:45
CGA-ccwr-5f2w-9q24
2024-06-06 12:25:36
openvas
openvas
Huawei EulerOS: Security Advisory for python-idna (EulerOS-SA-2024-2049)
2024-07-22 00:00:00
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-2357)
2024-09-10 00:00:00
Fedora: Security Advisory (FEDORA-2024-098b5d9719)
2024-05-27 00:00:00
redhat
redhat
(RHSA-2024:3846) Moderate: python-idna security update
2024-06-11 18:28:02
(RHSA-2024:3543) Moderate: python-idna security and bug fix update
2024-06-03 06:38:34
(RHSA-2024:4260) Moderate: python-idna security update
2024-07-02 13:57:28
nvd
nvd
CVE-2024-3651
2024-07-07 18:15:09
almalinux
almalinux
Moderate: python-idna security update
2024-07-02 00:00:00
Moderate: python-idna security update
2024-06-11 00:00:00
Important: python39:3.9 and python39-devel:3.9 security update
2024-05-29 00:00:00
cve
cve
CVE-2024-3651
2024-07-07 18:15:09
ubuntucve
ubuntucve
CVE-2024-3651
2024-04-23 00:00:00
ubuntu
ubuntu
idna vulnerability
2024-05-21 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-3651 affecting package python-idna for versions less than 3.7-1
2024-08-14 20:43:58
CVE-2024-3651 affecting package python-idna for versions less than 3.7-1
2024-07-26 17:52:50
redos
redos
ROS-20240527-03
2024-05-27 00:00:00
veracode
veracode
Denial Of Service (DoS)
2024-04-15 11:56:57
github
github
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
2024-04-11 21:32:40
cvelist
cvelist
CVE-2024-3651 Denial of Service via Quadratic Complexity in kjd/idna
2024-07-07 17:22:10
vulnrichment
vulnrichment
CVE-2024-3651 Denial of Service via Quadratic Complexity in kjd/idna
2024-07-07 17:22:10
debian
debian
[SECURITY] [DLA 3811-1] python-idna security update
2024-05-08 17:05:07
cgr
cgr
CVE-2024-3651 vulnerabilities
2024-05-19 03:07:16
rocky
rocky
python-idna security update
2024-06-14 14:00:33
python39:3.9 and python39-devel:3.9 security update
2024-06-14 13:59:30
oraclelinux
oraclelinux
python-idna security update
2024-07-03 00:00:00
python-idna security update
2024-06-13 00:00:00
python39:3.9 and python39-devel:3.9 security update
2024-05-31 00:00:00
wolfi
wolfi
CVE-2024-3651 vulnerabilities
2024-09-27 09:13:12
alpinelinux
alpinelinux
CVE-2024-3651
2024-07-07 18:15:09
debiancve
debiancve
CVE-2024-3651
2024-07-07 18:15:09
redhatcve
redhatcve
CVE-2024-3651
2024-04-12 19:50:04
ibm
ibm
Security Bulletin: Vulnerabilities in Jinja, idna & cryptography can affect IBM Storage Protect Plus Microsoft File Systems Backup and Restore
2024-06-27 08:34:20
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues
2024-06-20 20:39:36
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.
2024-06-17 11:59:28

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

JSON
Related for 9A2E41EA0EB39FA6A2D4209634C3920D20BE6FBF503F2C2B237E43797778D60C
mageia1fedora6nessus41osv30openvas24redhat34nvd1almalinux3cve1ubuntucve1ubuntu1cbl_mariner2redos1veracode1github1cvelist1vulnrichment1debian1cgr1rocky2oraclelinux3wolfi1alpinelinux1debiancve1redhatcve1ibm6