CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
IBM Security SOAR uses an older version of Apache Tomcat that may be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 51.0.3.0 or later of IBM Security SOAR.
CVEID:CVE-2024-34750
**DESCRIPTION:**Apache Tomcat is vulnerable to a denial of service, caused by a flaw when processing an HTTP/2 stream. By sending specially crafted HTTP headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297352 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Security SOAR | Earlier than 51.0.3.0 |
IBM encourages customers to update their systems promptly.
Users must upgrade to v51.0.3.0 or higher of IBM SOAR in order to obtain a fix for this vulnerability.
You can upgrade the platform and apply the security updates by following the instructions in the “Upgrade Procedure” section in the IBM Documentation
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High