IBM73CB98D818312A414F3ADC6CE74D9DFA4FDF88E8AAD08068A84F03150FDA7217Security Bulletin: Denial of service vulnerability in Amazon Ion may affect IBM Storage Protect Server
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
Summary
IBM Storage Protect Server may be affected by denial of service caused by stack-based overflow in Amazon Ion. CVE-2024-21634.
Vulnerability Details
CVEID:CVE-2024-21634
**DESCRIPTION:**Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for applications. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279362 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Storage Protect Server | 8.1.0.000 - 8.1.22.xxx |
Remediation/Fixes
| Affected Versions | Fixing Level | Platform | Link to Fix and Instructions |
|---|---|---|---|
| 8.1.0.000 - 8.1.22.xxx | 8.1.23 | AIX, Linux, Windows | <https://www.ibm.com/support/pages/node/588021> |
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm storage protect | eq | 8.1 |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%