This security bulletin contains one medium risk vulnerability.
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted JSON input that uses large numbers (numbers such as 1e20000000) to the application and perform a denial of service attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM App Connect Enterprise: 184.108.40.206 - 220.127.116.11
Fixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware that exploits this vulnerability?
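
For the large-number JSON input described above, a pre-parse guard can reject oversized numeric literals before the document reaches a parser. This is an added example in Python, not code from the bulletin or from IBM; the function names and the limits `MAX_DIGITS` and `MAX_EXPONENT` are assumptions, and the bulletin does not name the affected parser.

```python
import json
import re

MAX_DIGITS = 64     # assumed cap on digits in the mantissa
MAX_EXPONENT = 400  # assumed cap on |exponent|; IEEE-754 doubles end near 1e308

# Match a whole string literal (so digits inside it are skipped) or a number.
_TOKEN = re.compile(
    r'"(?:[^"\\]|\\.)*"'                      # string literal, no groups set
    r'|(-?\d+(?:\.\d+)?)(?:[eE]([+-]?\d+))?'  # number: mantissa, exponent
)


class NumberLimitError(ValueError):
    """A numeric literal exceeds the configured limits."""


def check_numbers(text: str) -> None:
    """Raise NumberLimitError if any JSON number in text is oversized."""
    for m in _TOKEN.finditer(text):
        mantissa, exponent = m.group(1), m.group(2)
        if mantissa is None:
            continue  # string literal, not a number
        if sum(c.isdigit() for c in mantissa) > MAX_DIGITS:
            raise NumberLimitError(f"too many digits at offset {m.start()}")
        if exponent is not None:
            exp_digits = exponent.lstrip("+-").lstrip("0")
            # Compare lengths first so a huge exponent is never converted.
            if (len(exp_digits) > len(str(MAX_EXPONENT))
                    or int(exp_digits or "0") > MAX_EXPONENT):
                raise NumberLimitError(
                    f"exponent too large at offset {m.start()}")


def safe_loads(text: str):
    """Validate numeric literals, then hand the text to the real parser."""
    check_numbers(text)
    return json.loads(text)
```

The check works on the raw text, so it can sit in front of any JSON parser; the limits should be set to the largest values the application legitimately accepts.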