Denial of Service Vulnerability in IBM EntireX by IBM
CVE-2024-54170
5.5MEDIUM
Summary
IBM EntireX version 11.1 contains a vulnerability that allows a local user to trigger a denial of service by exploiting a regular expression with inefficient complexity, leading to excessive CPU cycle consumption. This issue can significantly degrade system performance, potentially impacting the availability of applications relying on IBM EntireX.
Affected Version(s)
EntireX 11.1
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved