CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
IBM Security SOAR uses an older version of ElasticSearch that may be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 51.0.2.1 or later of IBM Security SOAR.
CVEID:CVE-2024-23450
**DESCRIPTION:**Elastic Elasticsearch is vulnerable to a denial of service, caused by a flaw when processing a document in a deeply nested pipeline on an ingest node. By sending a specially crafted document, a remote authenticated attacker could exploit this vulnerability to cause an uncontrolled resource consumption, and results in a denial of service condition.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286949 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Security SOAR | 51.0.2.0 and earlier |
IBM encourages customers to update their systems promptly.
Users must upgrade to v51.0.2.1 or higher of IBM SOAR in order to obtain a fix for this vulnerability.
You can upgrade the platform and apply the security updates by following the instructions in the “Upgrade Procedure” section in the IBM Documentation
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High