{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27267", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-02-22T01:26:39.521Z", "datePublished": "2024-08-14T15:59:46.807Z", "dateUpdated": "2024-08-14T18:28:56.564Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:7.1.5.18:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:8.0.0.0:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:8.0.8.26:*:*:*:technology:*:*:*"], "defaultStatus": "unaffected", "product": "SDK, Java Technology Edition", "vendor": "IBM", "versions": [{"lessThanOrEqual": "7.1.5.18", "status": "affected", "version": "7.1.0.0", "versionType": "semver"}, {"lessThanOrEqual": "8.0.8.26", "status": "affected", "version": "8.0.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573."}], "value": "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-300", "description": "CWE-300 Channel Accessible by Non-Endpoint", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-08-14T15:59:46.807Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7165421"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284573"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM SDK, Java Technology Edition denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T18:27:40.627571Z", "id": "CVE-2024-27267", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:28:56.564Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27267", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-14T18:27:40.627571Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:28:40.972Z"}}], "cna": {"title": "IBM SDK, Java Technology Edition denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:7.1.5.18:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:8.0.0.0:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:8.0.8.26:*:*:*:technology:*:*:*"], "vendor": "IBM", "product": "SDK, Java Technology Edition", "versions": [{"status": "affected", "version": "7.1.0.0", "versionType": "semver", "lessThanOrEqual": "7.1.5.18"}, {"status": "affected", "version": "8.0.0.0", "versionType": "semver", "lessThanOrEqual": "8.0.8.26"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7165421", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284573", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.", "supportingMedia": [{"type": "text/html", "value": "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-300", "description": "CWE-300 Channel Accessible by Non-Endpoint"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-08-14T15:59:46.807Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27267", "state": "PUBLISHED", "dateUpdated": "2024-08-14T18:28:56.564Z", "dateReserved": "2024-02-22T01:26:39.521Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-08-14T15:59:46.807Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:java_sdk:*:*:*:*:java_technology:*:*:*", "matchCriteriaId": "5DDFFC65-9A40-45B6-BEAB-AC2A72A0B0BD", "versionEndIncluding": "7.1.5.18", "versionStartIncluding": "7.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:java_sdk:*:*:*:*:java_technology:*:*:*", "matchCriteriaId": "A0954E69-2308-4A9C-B786-6FB188823ED6", "versionEndIncluding": "8.0.8.26", "versionStartIncluding": "8.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573."}, {"lang": "es", "value": "El Object Request Broker (ORB) en IBM SDK, Java Technology Edition 7.1.0.0 a 7.1.5.18 y 8.0.0.0 a 8.0.8.26 es vulnerable a la denegaci\u00f3n remota de servicio, provocada por una condici\u00f3n de ejecuci\u00f3n en la gesti\u00f3n de subprocesos de escucha de ORB. ID de IBM X-Force: 284573."}], "id": "CVE-2024-27267", "lastModified": "2024-09-11T13:48:12.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2024-08-14T16:15:10.950", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284573"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7165421"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-300"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6595", "cpe": "cpe:/a:redhat:enterprise_linux:8::supplementary", "package": "java-1.8.0-ibm-1:1.8.0.8.30-2.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-11T00:00:00Z"}], "bugzilla": {"description": "ibm-java: Race condition may cause Denial of Service", "id": "2304975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304975"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-300", "details": ["The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.", "A flaw was found in IBM SDK, Java Technology Edition. A race condition in the management of ORB listener threads can cause a remote denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27267", "public_date": "2024-08-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27267\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27267\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/284573\nhttps://www.ibm.com/support/pages/node/7165421"], "threat_severity": "Moderate"}