Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME2AE987DECB791D6E4314E82E9D2656352C2D8634FED0E8B595F6C015B3FA7AE
HistorySep 19, 2024 - 3:48 p.m.

Security Bulletin:IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114

2024-09-1915:48:46
www.ibm.com

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

6.1

Confidence

High

JSON

Summary

IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114. This bulletin contains information regarding the vulnerability and its fixture.

Vulnerability Details

CVEID:CVE-2024-36114
**DESCRIPTION:**airlift aircompressor could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read/write flaw in the decompressor implementations. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and crash the JVM.
CVSS Base score: 8.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292728 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Asset Data Dictionary Component 1.1

Remediation/Fixes

Remediated Product(s) Version(s)
IBM Asset Data Dictionary Component 1.1.10

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_application_suiteMatch9.0
OR
ibmmaximo_application_suiteMatch8.11
OR
ibmmaximo_application_suiteMatch8.10
VendorProductVersionCPE
ibmmaximo_application_suite9.0cpe:2.3:a:ibm:maximo_application_suite:9.0:*:*:*:*:*:*:*
ibmmaximo_application_suite8.11cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:*
ibmmaximo_application_suite8.10cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*

Related

osv 4
ibm 2
nvd 1
cvelist 1
vulnrichment 1
cve 1
github 1
veracode 1
wolfi 1
osv
osv
CVE-2024-36114
2024-05-29 21:15:49
Decompressors can crash the JVM and leak memory content in Aircompressor
2024-06-02 22:30:02
CGA-x3wj-35rr-5p3w
2024-06-06 12:26:33
ibm
ibm
Security Bulletin: Vulnerability in Airlift aircompressor affects watsonx.data
2024-09-05 17:58:11
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-07-31 19:41:25
nvd
nvd
CVE-2024-36114
2024-05-29 21:15:49
cvelist
cvelist
CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor
2024-05-29 20:24:53
vulnrichment
vulnrichment
CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor
2024-05-29 20:24:53
cve
cve
CVE-2024-36114
2024-05-29 21:15:49
github
github
Decompressors can crash the JVM and leak memory content in Aircompressor
2024-06-02 22:30:02
veracode
veracode
Denial Of Service (DoS) / Information Disclosure
2024-05-30 06:07:00
wolfi
wolfi
CVE-2024-36114 vulnerabilities
2024-09-19 21:18:36

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

6.1

Confidence

High

JSON
Related for E2AE987DECB791D6E4314E82E9D2656352C2D8634FED0E8B595F6C015B3FA7AE
osv4ibm2nvd1cvelist1vulnrichment1cve1github1veracode1wolfi1