IBMA366585CEAC633B8168979C96AC0DAB187F5C56D84B8C8B8719557FE032FCCD5Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM TXSeries for Multiplatforms is vulnerable to a Denial of Service.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Summary
There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM TXSeries for Multiplatforms. The version of IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable issues.
Vulnerability Details
CVEID:CVE-2024-22353
**DESCRIPTION:**IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280400 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2024-27268
**DESCRIPTION:**IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284574 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2024-25026
**DESCRIPTION:**IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281516 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM TXSeries for Multiplatforms | 8.1 |
| IBM TXSeries for Multiplatforms | 8.2 |
| IBM TXSeries for Multiplatforms | 9.1 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerabilities now by upgrading IBM TXSeries for Multiplatforms.
| Product | Version | Platform | Remediation/Fix |
|---|---|---|---|
| IBM TXSeries for Multiplatforms |
8.1
| Linux, AIX|
PSIRT fixes for IBM TXSeries for Multiplatforms 8.1 will be provided only for extended support customers with request through Salesforce case.
IBM TXSeries for Multiplatforms| 8.2| Linux, AIX, Windows|
PSIRT fixes for IBM TXSeries for Multiplatforms 8.2 will be provided only for extended support customers with request through Salesforce case.
IBM TXSeries for Multiplatforms|
9.1
| Linux, AIX|
Download the upgrade from Fix Central
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| txseries for multiplatforms | eq | 8.1 | |
| txseries for multiplatforms | eq | 8.2 | |
| txseries for multiplatforms | eq | 9.1 |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%