SB2025082059 - Multiple vulnerabilities in IBM Edge Application Manager

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025082059

SB2025082059 - Multiple vulnerabilities in IBM Edge Application Manager

Published: August 20, 2025

Security Bulletin ID SB2025082059
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Medium 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2024-34750)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when handling HTTP/2 stream. A remote attacker can initiate multiple HTTP/2 connections to the server that are remain open and perform a denial of service (DoS) attack.


2) Improper input validation (CVE-ID: CVE-2023-22102)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Connector/J component in MySQL Connectors. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-50379)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing access restrictions to the default servlet. If the default servlet is write enabled (readonly initialisation parameter set to the non-default value of false) for a case insensitive file system, concurrent read and upload under load of the same file can bypass Tomcat's case sensitivity checks and cause an uploaded file to be treated as a JSP leading to remote code execution.


4) Uncontrolled Recursion (CVE-ID: CVE-2024-7254)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields. A remote attacker can pass specially crafted input to the application to create unbounded recursions and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References