IBM WebSphere Application Server Liberty Under Denial of Service Attack
CVE-2024-27268

7.5HIGH

Key Information:

Vendor: IBM
Status: Websphere Application Server Liberty
Vendor: CVE Published:; 4 April 2024

What is CVE-2024-27268?

IBM WebSphere Application Server Liberty versions 18.0.0.2 through 24.0.0.4 are susceptible to a denial of service vulnerability. This is triggered by sending a specifically crafted request, which can lead to excessive consumption of memory resources. A remote attacker can exploit this vulnerability to disrupt the service’s operation. It is crucial for users of affected versions to implement mitigations as soon as possible to protect their systems.

Affected Version(s)

WebSphere Application Server Liberty 18.0.0.2 <= 24.0.0.4

References

https://www.ibm.com/support/pages/node/7145809

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/284574

vdb-entry

https://www.kb.cert.org/vuls/id/421644

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2024