SB2022081027 - Denial of service in Automation Assets in IBM Cloud Pak for Integration
Published: August 10, 2022
Security Bulletin ID
SB2022081027
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-24434)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a modified form to server, and crash the nodejs service. An attacker can sent the payload again and again so that the service continuously crashes.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-automation-assets-in-ibm-cloud-pak-for-integration-is-vulnerable-to-denial-of-service-due-to-cve-2022-24434/"
- https://www.ibm.com/blogs/psirt/security-bulletin-automation-assets-in-ibm-cloud-pak-for-integration-is-vulnerable-to-denial-of-service-due-to-cve-2022-24434/</a><br>
- https://www.ibm.com/support/pages/node/6611175<br><br></p>