CVE-2024-27267 IBM SDK, Java Technology Edition denial of service

2024-08-1415:59:46

CWE-300

ibm

www.cve.org

ibm

java

technology edition

denial of service

vulnerability

remote

race condition

management

orb listener

threads

x-force id 284573

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*",
      "cpe:2.3:a:ibm:java_sdk:7.1.5.18:*:*:*:technology:*:*:*",
      "cpe:2.3:a:ibm:java_sdk:8.0.0.0:*:*:*:technology:*:*:*",
      "cpe:2.3:a:ibm:java_sdk:8.0.8.26:*:*:*:technology:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "SDK, Java Technology Edition",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "7.1.5.18",
        "status": "affected",
        "version": "7.1.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.0.8.26",
        "status": "affected",
        "version": "8.0.0.0",
        "versionType": "semver"
      }
    ]
  }
]