CVE-2024-27267

The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7165421	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:java_sdk:::::java_technology:::*
	cpe:2.3:a:ibm:java_sdk:::::java_technology:::*

History

29 Sep 2025, 17:15

Type	Values Removed	Values Added
Summary	(en) The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.	(en) The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads.
References	~~{'url': 'https://exchange.xforce.ibmcloud.com/vulnerabilities/284573', 'tags': ['Vendor Advisory'], 'source': 'psirt@us.ibm.com'}~~
CWE	~~CWE-300~~	CWE-362

Information

Published : 2024-08-14 16:15

Updated : 2025-09-29 17:15

NVD link : CVE-2024-27267

Mitre link : CVE-2024-27267

CVE.ORG link : CVE-2024-27267

JSON object : View

Products Affected

ibm

java_sdk

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

NVD-CWE-noinfo

{"id": "CVE-2024-27267", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-08-14T16:15:10.950", "references": [{"url": "https://www.ibm.com/support/pages/node/7165421", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads."}, {"lang": "es", "value": "El Object Request Broker (ORB) en IBM SDK, Java Technology Edition 7.1.0.0 a 7.1.5.18 y 8.0.0.0 a 8.0.8.26 es vulnerable a la denegaci\u00f3n remota de servicio, provocada por una condici\u00f3n de ejecuci\u00f3n en la gesti\u00f3n de subprocesos de escucha de ORB. ID de IBM X-Force: 284573."}], "lastModified": "2025-09-29T17:15:29.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:java_sdk:*:*:*:*:java_technology:*:*:*", "vulnerable": true, "matchCriteriaId": "5DDFFC65-9A40-45B6-BEAB-AC2A72A0B0BD", "versionEndIncluding": "7.1.5.18", "versionStartIncluding": "7.1.0.0"}, {"criteria": "cpe:2.3:a:ibm:java_sdk:*:*:*:*:java_technology:*:*:*", "vulnerable": true, "matchCriteriaId": "A0954E69-2308-4A9C-B786-6FB188823ED6", "versionEndIncluding": "8.0.8.26", "versionStartIncluding": "8.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}