CVE-2024-22353

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/280400	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7145365	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*

History

02 Apr 2024, 17:56

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.9~~	v2 : unknown v3 : 7.5
Summary		(es) IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 es vulnerable a una denegación de servicio provocada por el envío de una solicitud especialmente manipulada. Un atacante remoto podría aprovechar esta vulnerabilidad para hacer que el servidor consuma recursos de memoria. ID de IBM X-Force: 280400.
CPE		cpe:2.3:a:ibm:websphere_application_server:::::liberty:::*
First Time		Ibm websphere Application Server Ibm
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/280400 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/280400 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/7145365 -~~	() https://www.ibm.com/support/pages/node/7145365 - Vendor Advisory

31 Mar 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-31 12:15

Updated : 2024-04-02 17:56

NVD link : CVE-2024-22353

Mitre link : CVE-2024-22353

CVE.ORG link : CVE-2024-22353

JSON object : View

Products Affected

ibm

websphere_application_server

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-22353", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-03-31T12:15:50.430", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280400", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7145365", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400."}, {"lang": "es", "value": "IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 es vulnerable a una denegaci\u00f3n de servicio provocada por el env\u00edo de una solicitud especialmente manipulada. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para hacer que el servidor consuma recursos de memoria. ID de IBM X-Force: 280400."}], "lastModified": "2024-04-02T17:56:57.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*", "vulnerable": true, "matchCriteriaId": "EB6032AB-1715-4BB9-86BA-40EDB4AD189E", "versionEndIncluding": "24.0.0.3", "versionStartIncluding": "17.0.0.3"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}