SB2025080530 - Multiple vulnerabilities in IBM Cloud Pak System
Published: August 5, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Uncontrolled Memory Allocation (CVE-ID: CVE-2024-45663)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.
2) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2024-41762)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to application allocate resources without limits or throttling. A remote user can cause a server crash under certain conditions by sending a specially crafted query.
3) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2024-41761)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger a server crash under certain conditions by sending a specially crafted query.
4) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-40679)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.
5) Uncontrolled Memory Allocation (CVE-ID: CVE-2024-37071)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly allocate memory. A remote user can trigger uncontrolled memory allocation and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.