CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
Multiple vulnerabilities in IBM WebSphere Liberty Profile affects IBM Robotic Process Automation and may result in a denial of service. IBM WebSphere Liberty is used by IBM Robotic Process Automation for as part of Abbyy and Antivirus containers and UMS. This bulletin identifies the security fixes to apply to address the vulnerability.
CVEID:CVE-2024-25026
**DESCRIPTION:**IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516.
CVSS Base score: 10
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281516 for the current score.
CVSS Vector:
CVEID:CVE-2024-27268
**DESCRIPTION:**IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.
CVSS Base score: 10
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284574 for the current score.
CVSS Vector:
Affected Product(s) | Version(s) |
---|---|
IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.15, 23.0.0 - 23.0.16 |
IBM Robotic Process Automation | 21.0.0 - 21.0.7.15, 23.0.0 - 23.0.16 |
IBM strongly recommends addressing the vulnerability now.
Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
---|---|---|
IBM Robotic Process Automation | 21.0.0 - 21.0.7.15 | Download 21.0.7.16 or higher and follow these instructions. |
IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.15 | Update to 21.0.7.16 or higher using the following instructions. |
IBM Robotic Process Automation | 23.0.0 - 23.0.16 | Download 23.0.17 or higher and follow these instructions. |
IBM Robotic Process Automation for Cloud Pak
| 23.0.0 - 23.0.16| Update to 23.0.17 or higher using the following instructions.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | robotic_process_automation | 21.0.0 | cpe:2.3:a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:* |
ibm | robotic_process_automation | 21.0.7.15 | cpe:2.3:a:ibm:robotic_process_automation:21.0.7.15:*:*:*:*:*:*:* |
ibm | robotic_process_automation | 23.0.0 | cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:* |
ibm | robotic_process_automation | 23.0.16 | cpe:2.3:a:ibm:robotic_process_automation:23.0.16:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High