CVE-2024-27267

2024-08-1416:15:10

CWE-300

ibm

web.nvd.nist.gov

ibm

sdk

java

orb

vulnerability

remote denial of service

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.

Affected configurations

Nvd

Vulners

Node

ibmjava_sdkRange7.1.0.0–7.1.5.18java_technology

ibmjava_sdkRange8.0.0.0–8.0.8.26java_technology

VendorProductVersionCPE
ibmjava_sdk*cpe:2.3:a:ibm:java_sdk:*:*:*:*:java_technology:*:*:*

Vendor	Product	Version	CPE
ibm	java_sdk	*	cpe:2.3:a:ibm:java_sdk:::::java_technology:::*

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*",
      "cpe:2.3:a:ibm:java_sdk:7.1.5.18:*:*:*:technology:*:*:*",
      "cpe:2.3:a:ibm:java_sdk:8.0.0.0:*:*:*:technology:*:*:*",
      "cpe:2.3:a:ibm:java_sdk:8.0.8.26:*:*:*:technology:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "SDK, Java Technology Edition",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "7.1.5.18",
        "status": "affected",
        "version": "7.1.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.0.8.26",
        "status": "affected",
        "version": "8.0.0.0",
        "versionType": "semver"
      }
    ]
  }
]