Remote Denial of Service in IBM SDK Java Technology Edition
CVE-2024-27267

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Java Sdk
Vendor: CVE Published:; 14 August 2024

Summary

The Object Request Broker (ORB) within IBM SDK, Java Technology Edition versions 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is susceptible to a remote denial of service attack. This vulnerability arises from a race condition in the management of ORB listener threads, which may allow an attacker to disrupt service availability remotely. Organizations using the affected versions should implement appropriate mitigations and consider upgrading to secure versions.

References

https://www.ibm.com/support/pages/node/7165421

https://exchange.xforce.ibmcloud.com/vulnerabilities/284573

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2024