CVE-2023-27540

Published: Jul 10, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.

Affected (2)

Products: Ibm: Cloud Pak For Data, Watson Cp4d Data Stores

Ibm

2 products

Cloud Pak For Data

Watson Cp4d Data Stores

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Cloud Pak For Data	Version 4.6.0
Ibm Watson Cp4d Data Stores	All versions

Running on/with	Platform Versions
Redhat Openshift	All versions

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/248924

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/7009883

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/248924

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/7009883

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.