CVE-2024-27268

IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/284574	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7145809	Vendor Advisory
https://www.kb.cert.org/vuls/id/421644	Third Party Advisory US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/284574	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7145809	Vendor Advisory
https://www.kb.cert.org/vuls/id/421644	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*

History

27 Feb 2025, 17:58

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:websphere_application_server:::::liberty:::*
First Time		Ibm Ibm websphere Application Server
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/284574 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/284574 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/7145809 -~~	() https://www.ibm.com/support/pages/node/7145809 - Vendor Advisory
References	~~() https://www.kb.cert.org/vuls/id/421644 -~~	() https://www.kb.cert.org/vuls/id/421644 - Third Party Advisory, US Government Resource

Information

Published : 2024-04-04 18:15

Updated : 2025-04-10 21:05

NVD link : CVE-2024-27268

Mitre link : CVE-2024-27268

CVE.ORG link : CVE-2024-27268

JSON object : View

Products Affected

ibm

websphere_application_server

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2024-27268", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-04-04T18:15:13.823", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284574", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7145809", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.kb.cert.org/vuls/id/421644", "tags": ["Third Party Advisory", "US Government Resource"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284574", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7145809", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kb.cert.org/vuls/id/421644", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574."}, {"lang": "es", "value": "IBM WebSphere Application Server Liberty 18.0.0.2 a 24.0.0.3 es vulnerable a una denegaci\u00f3n de servicio provocada por el env\u00edo de una solicitud especialmente manipulada. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para hacer que el servidor consuma recursos de memoria. ID de IBM X-Force: 284574."}], "lastModified": "2025-04-10T21:05:27.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*", "vulnerable": true, "matchCriteriaId": "F3B99528-A802-4C87-B0E7-8488A1925E1D", "versionEndExcluding": "24.0.0.5", "versionStartIncluding": "18.0.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}