Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF33BE2B0F307B650E89854C5F5A464669E29C1F854497EE4BA10F758E7BEACE5
HistoryAug 15, 2024 - 4:26 p.m.

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module ws (CVE-2024-37890)

2024-08-1516:26:22
www.ibm.com
9
ibm app connect enterprise
denial of service
node.js module ws
vulnerability
cve-2024-37890
it46526

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

JSON

Summary

IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module ws. This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

CVEID:CVE-2024-37890
**DESCRIPTION:**Node.js ws module is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted request with multiple HTTP headers, a remote attacker could exploit this vulnerability to cause the server to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/295049 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM App Connect Enterprise 12.0.1.0 - 12.0.12.3

Remediation/Fixes

IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise

Affected Product(s) Version(s) APAR Remediation / Fixes
IBM App Connect Enterprise 12.0.1.0 -12.0.12.3 IT46526

The APAR (IT46526) is available from

IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.4

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmapp_connect_enterpriseRange12.0.1.0
OR
ibmapp_connect_enterpriseRange12.0.12.3
VendorProductVersionCPE
ibmapp_connect_enterprise*cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*

Related

debiancve 1
osv 7
cbl_mariner 1
cvelist 1
ibm 9
cve 1
nessus 2
nvd 1
ubuntucve 1
veracode 1
github 1
vulnrichment 1
redhatcve 1
wolfi 1
redhat 1
debiancve
debiancve
CVE-2024-37890
2024-06-17 20:15:13
osv
osv
CGA-cm39-xg6p-r3wr
2024-07-15 21:56:09
CGA-qv4g-5p29-rxvx
2024-07-15 22:05:42
CGA-h8rj-78mh-45v7
2024-06-19 07:34:55
cbl_mariner
cbl_mariner
CVE-2024-37890 affecting package reaper for versions less than 3.1.1-10
2024-07-12 23:39:02
cvelist
cvelist
CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws
2024-06-17 19:09:02
ibm
ibm
Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway
2024-07-09 19:56:56
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2024-37890)
2024-08-26 16:34:09
Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities
2024-07-18 11:13:34
cve
cve
CVE-2024-37890
2024-06-17 20:15:13
nessus
nessus
CBL Mariner 2.0 Security Update: reaper (CVE-2024-37890)
2024-07-14 00:00:00
Security Updates for Azure CycleCloud (August 2024)
2024-08-13 00:00:00
nvd
nvd
CVE-2024-37890
2024-06-17 20:15:13
ubuntucve
ubuntucve
CVE-2024-37890
2024-06-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2024-06-19 06:39:43
github
github
ws affected by a DoS when handling a request with many HTTP headers
2024-06-17 19:09:10
vulnrichment
vulnrichment
CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws
2024-06-17 19:09:02
redhatcve
redhatcve
CVE-2024-37890
2024-06-17 21:51:19
wolfi
wolfi
CVE-2024-37890 vulnerabilities
2024-09-18 09:28:50
redhat
redhat
(RHSA-2024:4591) Important: Red Hat OpenShift Data Foundation 4.16.0 security, enhancement & bug fix update
2024-07-17 13:08:05

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

JSON
Related for F33BE2B0F307B650E89854C5F5A464669E29C1F854497EE4BA10F758E7BEACE5
debiancve1osv7cbl_mariner1cvelist1ibm9cve1nessus2nvd1ubuntucve1veracode1github1vulnrichment1redhatcve1wolfi1redhat1