What is the severity of CVE-2024-27267?

CVE-2024-27267 is classified as a remote denial of service vulnerability in specific versions of the IBM SDK, Java Technology Edition and IBM Sterling Secure Proxy.

How do I fix CVE-2024-27267?

To fix CVE-2024-27267, you should apply the available patches for affected versions of the IBM SDK and IBM Sterling Secure Proxy.

Which versions are affected by CVE-2024-27267?

CVE-2024-27267 affects IBM SDK, Java Technology Edition versions 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26, as well as IBM Sterling Secure Proxy up to 6.1.0.0.

What causes the vulnerability CVE-2024-27267?

CVE-2024-27267 is caused by a race condition in the management of ORB listener threads.

Can CVE-2024-27267 be exploited remotely?

Yes, CVE-2024-27267 can be exploited remotely to cause a denial of service.

Vulnerability/
CVE-2024-27267

medium

5.9

CWE

300 362

12/8/2024

14/8/2024

19/2/2025

CVE-2024-27267: IBM SDK, Java Technology Edition denial of service

First published: Mon Aug 12 2024(Updated: )

Plexus-Utils could allow a remote authenticated attacker to obtain sensitive information, caused by an XML injection vulnerability in the XmlWriterUtil.java script. By sending a specially-crafted request to XMLWriter using a "-->" sequence, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM SDK, Java Technology Edition	>=7.1.0.0<=7.1.5.18
IBM SDK, Java Technology Edition	>=8.0.0.0<=8.0.8.26
IBM Cognos Controller	<=11.0.0 - 11.0.1 FP3
IBM Controller	<=11.1.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7183597

Frequently Asked Questions

What is the severity of CVE-2024-27267?
CVE-2024-27267 is classified as a remote denial of service vulnerability in specific versions of the IBM SDK, Java Technology Edition and IBM Sterling Secure Proxy.
How do I fix CVE-2024-27267?
To fix CVE-2024-27267, you should apply the available patches for affected versions of the IBM SDK and IBM Sterling Secure Proxy.
Which versions are affected by CVE-2024-27267?
CVE-2024-27267 affects IBM SDK, Java Technology Edition versions 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26, as well as IBM Sterling Secure Proxy up to 6.1.0.0.
What causes the vulnerability CVE-2024-27267?
CVE-2024-27267 is caused by a race condition in the management of ORB listener threads.
Can CVE-2024-27267 be exploited remotely?
Yes, CVE-2024-27267 can be exploited remotely to cause a denial of service.

agent/weakness
agent/title
agent/type
agent/first-publish-date
agent/author
collector/mitre-cve
source/MITRE
agent/severity
agent/trending
agent/source
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/ibm-support
source/IBM
agent/references
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/description
agent/event
vendor/ibm
canonical/ibm sdk, java technology edition
version/ibm sdk, java technology edition/7.1.0.0
version/ibm sdk, java technology edition/7.1.5.18
version/ibm sdk, java technology edition/8.0.0.0
version/ibm sdk, java technology edition/8.0.8.26
canonical/ibm cognos controller
version/ibm cognos controller/11.0.0 - 11.0.1 fp3
canonical/ibm controller
version/ibm controller/11.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.