WID-SEC-W-2024-0521
PUBLISHED
CVSS 8.7 HIGH
IBM MQ is a message-oriented middleware from IBM.
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | App Connect Enterprise | |
| IBM | DataPower Gateway | 10.5.4 |
| IBM | DataPower Gateway | 10.5.0.15 |
| IBM | DataPower Gateway | 10.5.0.10 |
| IBM | DataPower Gateway | <10.6.2 |
| IBM | Business Automation Workflow | |
| IBM | App Connect Enterprise | <=12.0.11.3 |
| IBM | DataPower Gateway | 10.0.1.18 |
| IBM | DataPower Gateway | <10.0.1.18 |
| IBM | DataPower Gateway | <10.5.4 |
| IBM | DataPower Gateway | <10.5.0.15 |
| IBM | DataPower Gateway | 10.6.2 |
| IBM | FlashSystem | |
| IBM | App Connect Enterprise | <=11.0.0.25 |
| IBM | DataPower Gateway | <10.5.0.10 |
| IBM | DB2 | |
| IBM | DataPower Gateway | 10.6.0.3 |
| IBM | DataPower Gateway | <10.6.0.3 |
Exploit Intelligence
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc-repo)
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc)
- Educational environment for LTAT.04.022 Homework 4. (github-poc-repo)
- Educational environment for LTAT.04.022 Homework 4. (github-poc)
- TYuan0816/cve-2023-44487 (github-poc-repo)
- sn130hk/CVE-2023-44487 (github-poc-repo)
- RapidResetClient (github-poc-repo)
- POC for CVE-2023-44487 (github-poc-repo)
- Demo for detection and mitigation of HTTP/2 Rapid Reset vulnerability (CVE-2023-44487) (github-poc-repo)
- A comprehensive Python testing tool for CVE-2023-44487, the HTTP/2 Rapid Reset vulnerability. This enhanced version provides granular control over testing parameters, multiple attack patterns, and advanced monitoring capabilities. (github-poc-repo)
…and 86 more exploits
Timeline
- Feb 29, 2024 CVE Published
- Dec 15, 2024 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0521.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0521 advisory
- https://www.ibm.com/support/pages/node/7123135 url
- https://www.ibm.com/support/pages/node/7123136 url
- https://www.ibm.com/support/pages/node/7123137 url
- https://www.ibm.com/support/pages/node/7123138 url
- https://www.ibm.com/support/pages/node/7123139 url
- https://www.ibm.com/support/pages/node/7126571 url
- https://www.ibm.com/support/pages/node/7129251 url
- https://www.ibm.com/support/pages/node/7137570 url
- https://www.ibm.com/support/pages/node/7138007 url
- https://www.ibm.com/support/pages/node/7145367 url
- https://www.ibm.com/support/pages/node/7145780 url
- https://www.ibm.com/support/pages/node/7146478 url
- https://www.ibm.com/support/pages/node/7114770 url
- https://www.ibm.com/support/pages/node/7150144 url
- https://www.ibm.com/support/pages/node/7150158 url
- https://www.ibm.com/support/pages/node/7162189 url
- https://www.ibm.com/support/pages/node/7178670 url