Lucene search

IBM6B7A3E77598AEA3B777848BC3716BB45E72CBF57E91B3D51A8A1B41D8CF21C91

HistoryJul 30, 2024 - 4:37 p.m.

Security Bulletin: IBM License Key Server Administration & Reporting Tool and Agent are vulnerable to avulnerability in Apache Commons Compress Library

2024-07-3016:37:20

www.ibm.com

ibm common licensing

agent 9.0

art 9.0

apache commons compress

denial of service

fix central

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.3

Confidence

High

JSON

Summary

A Denial of Service vulnerability has been found in Apache Commons Compress. It affects IBM License Key Server Administration & Reporting Tool and its Agent. A mitigation has been released.

Vulnerability Details

CVEID:CVE-2024-25710
**DESCRIPTION:**Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283472 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26308
**DESCRIPTION:**Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a specially crafted Pack200 file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283469 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Common Licensing	Agent 9.0
IBM Common Licensing	ART 9.0

Remediation/Fixes

Upgrade to ART/Agent version 9.0.0.1.

Apply IBM LKS Administration Agent 9001 and IBM LKS Administration and Reporting Tool 9001 from Fix Central.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcommon_licensingMatch9.0

VendorProductVersionCPE
ibmcommon_licensing9.0cpe:2.3:a:ibm:common_licensing:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	common_licensing	9.0	cpe:2.3:a:ibm:common_licensing:9.0:::::::*

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.3

Confidence

High

JSON

Related for 6B7A3E77598AEA3B777848BC3716BB45E72CBF57E91B3D51A8A1B41D8CF21C91