Security Bulletin
Summary
There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor.
Vulnerability Details
CVEID: CVE-2024-43799
DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source: IBM X-Force
CVSS Base score: 5
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-43800
DESCRIPTION: expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source: IBM X-Force
CVSS Base score: 5
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-45296
DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially crafted regex request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1333: Inefficient Regular Expression Complexity
CVSS Source: CVE.org
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-45590
DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially crafted payload, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-405: Asymmetric Resource Consumption (Amplification)
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-50314
DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.
CWE: CWE-295: Improper Certificate Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2017-11468
DESCRIPTION: Docker Registry is vulnerable to a denial of service, caused by the failure to restrict content sizes. An attacker could exploit this vulnerability to cause memory consumption.
CWE: CWE-399: Resource Management Errors
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2021-42694
DESCRIPTION: Unicode could allow a remote authenticated attacker to execute arbitrary code on the system, caused by insufficient visual distinction of visually similar or identical glyphs that are presented to the user. By creating a malicious patch using homoglyphs to conceal malicious functions, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: This vulnerability also affects Rust.
CWE: CWE-1005: 7PK - Input Validation and Representation
CVSS Source: IBM X-Force
CVSS Base score: 9.8
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-23471
DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to exhaust memory on the host, and results in a denial of service condition.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 5.7
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-23648
DESCRIPTION: containerd could allow a remote attacker to obtain sensitive information, caused by a flaw in the CRI implementation. By using a specially-crafted image configuration, an attacker could exploit this vulnerability to access to read-only copies of arbitrary files and directories on the host system, and use this information to launch further attacks against the affected system.
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2022-31030
DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local authenticated attacker could exploit this vulnerability to cause containerd to consume all available memory on the computer, and results in a denial of service condition.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-2253
DESCRIPTION: Distribution is vulnerable to a denial of service, caused by improper input validation by the /v2/_catalog endpoint. By sending a specially crafted /v2/_catalog API endpoint request request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-25153
DESCRIPTION: containerd is vulnerable to a denial of service, caused by a memory exhaustion flaw when importing an OCI image. By using a specially-crafted image with a large file, a local attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 6.2
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-25173
DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions, caused by improper setup for supplementary groups inside a container. By sending a specially-crafted request using supplementary group access, an attacker could exploit this vulnerability to bypass primary group restrictions.
CWE: CWE-863: Incorrect Authorization
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2023-3446
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request using long DH keys or parameters, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-36632
DESCRIPTION: Python is vulnerable to a denial of service, caused by a RecursionError in email.utils.parseaddr #103800. By sending a specially crafted argument, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-674: Uncontrolled Recursion
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-37920
DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector.
CWE: CWE-345: Insufficient Verification of Data Authenticity
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-39325
DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the net/http and x/net/http2 packages. By sending specially crafted requests using HTTP/2 client, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-44487
DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and RST_STREAM frames over multiple streams, a remote attacker could exploit this vulnerability to cause a denial of service due to server resource consumption.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-45284
DESCRIPTION: Golang Go could provide weaker than expected security, caused by the failure to correctly detect reserved device names in some cases by the IsLocal function in the filepath package. An attacker could exploit this vulnerability to report "COM1", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3 as local.
CWE: CWE-287: Improper Authentication
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2023-45288
DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a memory exhaustion flaw due to flood of CONTINUATION frames in the HTTP/2 protocol stack in the net/http and x/net/http2 packages. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-202: Exposure of Sensitive Information Through Data Queries
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-48161
DESCRIPTION: GifLib Project GifLib could allow a local attacker to obtain sensitive information, caused by a heap-based buffer overflow in the DumpSCreen2RGB function in gif2rgb.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE: CWE-122: Heap-based Buffer Overflow
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-48795
DESCRIPTION: OpenSSH could allow a remote attacker to bypass security restrictions, caused by a flaw in the SSH Binary Packet Protocol (BPP). By sending a specially crafted request, an attacker could exploit this vulnerability to bypass integrity checks such that some packets are omitted, and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled.
CWE: CWE-222: Truncation of Security-relevant Information
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-5678
DESCRIPTION: Openssl is vulnerable to a denial of service, caused by a flaw when using DH_generate_key() function to generate an X9.42 DH key. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-6129
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the POLY1305 MAC (message authentication code) implementation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-328: Use of Weak Hash
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-25620
DESCRIPTION: Helm could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user-supplied input. An attacker could supplying a specially-crafted Chart.yaml file containing a relative path change operation to view arbitrary files on the system.
CWE: CWE-23: Relative Path Traversal
CVSS Source: IBM X-Force
CVSS Base score: 6.4
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVEID: CVE-2024-25710
DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26147
DESCRIPTION: Helm is vulnerable to a denial of service, caused by the use of an uninitialized variable in the parsing of YAML files by the LoadIndexFile or DownloadIndexFile functions. By providing a specially crafted YAML file, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-457: Use of Uninitialized Variable
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26308
DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a specially crafted Pack200 file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-29025
DESCRIPTION: Netty is vulnerable to a denial of service, caused by an out-of memory flaw in HttpPostRequestDecoder. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-29131
DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: IBM X-Force
CVSS Base score: 7.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-29857
DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate with crafted F2m parameters, a remote attacker could exploit this vulnerability to cause excessive CPU consumption.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-30171
DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the RSA decryption (both PKCS#1v1.5 and OAEP) feature. By utilize timing side-channel attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE: CWE-208: Observable Timing Discrepancy
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-30172
DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verification code. By persuading a victim to use a specially crafted signature and public key, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-34447
DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow a remote attacker to bypass security restrictions, caused by a flaw when endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname. By sending a specially crafted request, an attacker could exploit this vulnerability to perform DNS poisoning attack.
CWE: CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2024-37370
DESCRIPTION: MIT Kerberos 5 (aka krb5) could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request to modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, an attacker could exploit this vulnerability to cause the unwrapped token to appear truncated to the application.
CWE: CWE-1220: Insufficient Granularity of Access Control
CVSS Source: IBM X-Force
CVSS Base score: 7.4
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)
CVEID: CVE-2024-37371
DESCRIPTION: MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service, caused by an invalid memory reads during GSS message token handling. By sending specially crafted message tokens, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 6.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38428
DESCRIPTION: GNU Wget could allow a remote authenticated attacker to bypass security restrictions, caused by the mishandling of semicolons in the userinfo subcomponent of a URI. By sending a specially crafted request, an attacker could exploit this vulnerability to perform unauthorized actions.
CWE: CWE-115: Misinterpretation of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.4
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2024-4032
DESCRIPTION: An unspecified error with ipaddress considers some not globally reachable addresses global and vice versa in Python CPython has an unknown impact and attack vector.
CWE: CWE-697: Incorrect Comparison
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-42460
DESCRIPTION: Node.js Elliptic module could allow a remote attacker to obtain sensitive information, caused by missing check for whether the leading bit of r and s is zero. By utilizing cryptographic attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE: CWE-295: Improper Certificate Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2024-6923
DESCRIPTION: Python CPython is vulnerable to email header injection, caused by the failure to properly quote newlines for email headers when serializing an email message. By persuading a victim to open a specially crafted email, a remote authenticated attacker could exploit this vulnerability to spoof sender identity, gain unauthorized email sending or loss of control over email communication.
CWE: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source: CISA ADP
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-29133
DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: IBM X-Force
CVSS Base score: 7.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-43796
DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source: IBM X-Force
CVSS Base score: 5
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source: IBM X-Force
CVSS Base score: 5
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-43800
DESCRIPTION: expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source: IBM X-Force
CVSS Base score: 5
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-45296
DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially crafted regex request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1333: Inefficient Regular Expression Complexity
CVSS Source: CVE.org
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-45590
DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially crafted payload, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-405: Asymmetric Resource Consumption (Amplification)
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-50314
DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.
CWE: CWE-295: Improper Certificate Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2017-11468
DESCRIPTION: Docker Registry is vulnerable to a denial of service, caused by the failure to restrict content sizes. An attacker could exploit this vulnerability to cause memory consumption.
CWE: CWE-399: Resource Management Errors
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2021-42694
DESCRIPTION: Unicode could allow a remote authenticated attacker to execute arbitrary code on the system, caused by insufficient visual distinction of visually similar or identical glyphs that are presented to the user. By creating a malicious patch using homoglyphs to conceal malicious functions, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: This vulnerability also affects Rust.
CWE: CWE-1005: 7PK - Input Validation and Representation
CVSS Source: IBM X-Force
CVSS Base score: 9.8
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-23471
DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to exhaust memory on the host, and results in a denial of service condition.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 5.7
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-23648
DESCRIPTION: containerd could allow a remote attacker to obtain sensitive information, caused by a flaw in the CRI implementation. By using a specially-crafted image configuration, an attacker could exploit this vulnerability to access to read-only copies of arbitrary files and directories on the host system, and use this information to launch further attacks against the affected system.
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2022-31030
DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local authenticated attacker could exploit this vulnerability to cause containerd to consume all available memory on the computer, and results in a denial of service condition.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-2253
DESCRIPTION: Distribution is vulnerable to a denial of service, caused by improper input validation by the /v2/_catalog endpoint. By sending a specially crafted /v2/_catalog API endpoint request request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-25153
DESCRIPTION: containerd is vulnerable to a denial of service, caused by a memory exhaustion flaw when importing an OCI image. By using a specially-crafted image with a large file, a local attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 6.2
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-25173
DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions, caused by improper setup for supplementary groups inside a container. By sending a specially-crafted request using supplementary group access, an attacker could exploit this vulnerability to bypass primary group restrictions.
CWE: CWE-863: Incorrect Authorization
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2023-3446
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request using long DH keys or parameters, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-36632
DESCRIPTION: Python is vulnerable to a denial of service, caused by a RecursionError in email.utils.parseaddr #103800. By sending a specially crafted argument, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-674: Uncontrolled Recursion
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-37920
DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector.
CWE: CWE-345: Insufficient Verification of Data Authenticity
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-39325
DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the net/http and x/net/http2 packages. By sending specially crafted requests using HTTP/2 client, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-44487
DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and RST_STREAM frames over multiple streams, a remote attacker could exploit this vulnerability to cause a denial of service due to server resource consumption.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-45284
DESCRIPTION: Golang Go could provide weaker than expected security, caused by the failure to correctly detect reserved device names in some cases by the IsLocal function in the filepath package. An attacker could exploit this vulnerability to report "COM1", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3 as local.
CWE: CWE-287: Improper Authentication
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2023-45288
DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a memory exhaustion flaw due to flood of CONTINUATION frames in the HTTP/2 protocol stack in the net/http and x/net/http2 packages. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-202: Exposure of Sensitive Information Through Data Queries
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-48161
DESCRIPTION: GifLib Project GifLib could allow a local attacker to obtain sensitive information, caused by a heap-based buffer overflow in the DumpSCreen2RGB function in gif2rgb.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE: CWE-122: Heap-based Buffer Overflow
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-48795
DESCRIPTION: OpenSSH could allow a remote attacker to bypass security restrictions, caused by a flaw in the SSH Binary Packet Protocol (BPP). By sending a specially crafted request, an attacker could exploit this vulnerability to bypass integrity checks such that some packets are omitted, and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled.
CWE: CWE-222: Truncation of Security-relevant Information
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-5678
DESCRIPTION: Openssl is vulnerable to a denial of service, caused by a flaw when using DH_generate_key() function to generate an X9.42 DH key. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-6129
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the POLY1305 MAC (message authentication code) implementation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-328: Use of Weak Hash
CVSS Source: IBM X-Force
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-25620
DESCRIPTION: Helm could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user-supplied input. An attacker could supplying a specially-crafted Chart.yaml file containing a relative path change operation to view arbitrary files on the system.
CWE: CWE-23: Relative Path Traversal
CVSS Source: IBM X-Force
CVSS Base score: 6.4
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVEID: CVE-2024-25710
DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26147
DESCRIPTION: Helm is vulnerable to a denial of service, caused by the use of an uninitialized variable in the parsing of YAML files by the LoadIndexFile or DownloadIndexFile functions. By providing a specially crafted YAML file, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE: CWE-457: Use of Uninitialized Variable
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26308
DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a specially crafted Pack200 file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-29025
DESCRIPTION: Netty is vulnerable to a denial of service, caused by an out-of memory flaw in HttpPostRequestDecoder. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2024-29131
DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: IBM X-Force
CVSS Base score: 7.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-29857
DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate with crafted F2m parameters, a remote attacker could exploit this vulnerability to cause excessive CPU consumption.
CWE: CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-30171
DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the RSA decryption (both PKCS#1v1.5 and OAEP) feature. By utilize timing side-channel attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE: CWE-208: Observable Timing Discrepancy
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-30172
DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verification code. By persuading a victim to use a specially crafted signature and public key, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source: IBM X-Force
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-34447
DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow a remote attacker to bypass security restrictions, caused by a flaw when endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname. By sending a specially crafted request, an attacker could exploit this vulnerability to perform DNS poisoning attack.
CWE: CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2024-37370
DESCRIPTION: MIT Kerberos 5 (aka krb5) could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request to modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, an attacker could exploit this vulnerability to cause the unwrapped token to appear truncated to the application.
CWE: CWE-1220: Insufficient Granularity of Access Control
CVSS Source: IBM X-Force
CVSS Base score: 7.4
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)
CVEID: CVE-2024-37371
DESCRIPTION: MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service, caused by an invalid memory reads during GSS message token handling. By sending specially crafted message tokens, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-1287: Improper Validation of Specified Type of Input
CVSS Source: IBM X-Force
CVSS Base score: 6.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-38428
DESCRIPTION: GNU Wget could allow a remote authenticated attacker to bypass security restrictions, caused by the mishandling of semicolons in the userinfo subcomponent of a URI. By sending a specially crafted request, an attacker could exploit this vulnerability to perform unauthorized actions.
CWE: CWE-115: Misinterpretation of Input
CVSS Source: IBM X-Force
CVSS Base score: 5.4
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2024-4032
DESCRIPTION: An unspecified error with ipaddress considers some not globally reachable addresses global and vice versa in Python CPython has an unknown impact and attack vector.
CWE: CWE-697: Incorrect Comparison
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-42460
DESCRIPTION: Node.js Elliptic module could allow a remote attacker to obtain sensitive information, caused by missing check for whether the leading bit of r and s is zero. By utilizing cryptographic attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE: CWE-295: Improper Certificate Validation
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2024-6923
DESCRIPTION: Python CPython is vulnerable to email header injection, caused by the failure to properly quote newlines for email headers when serializing an email message. By persuading a victim to open a specially crafted email, a remote authenticated attacker could exploit this vulnerability to spoof sender identity, gain unauthorized email sending or loss of control over email communication.
CWE: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source: CISA ADP
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-29133
DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: IBM X-Force
CVSS Base score: 7.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-43796
DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source: IBM X-Force
CVSS Base score: 5
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
| IBM Cloud Transformation Advisor | 2.0.1 - 3.10.1 |
Remediation/Fixes
| Product(s) | Version(s) | Remediation/Fix/Instructions |
| IBM Cloud Transformation Advisor | 2.0.1 - 3.10.1 | Install v3.10.2 from OperatorHub page in Red Hat OpenShift Container Platform or locally following this link. |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Off
Acknowledgement
Change History
08 Nov 2024: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS5Q6W","label":"IBM Cloud Transformation Advisor"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"3.X","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
12 March 2025
UID
ibm17175196