IBM EL Optimization Publishing 7.0.2-7.0.3 SSL Unhandled Exception DoS
CVE-2024-41768 Published on January 4, 2025
IBM Engineering Lifecycle Optimization - Publishing unhandled SLL exception
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.
Vulnerability Analysis
CVE-2024-41768 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a small impact on availability.
Weakness Type
Missing Standardized Error Handling Mechanism
The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses. If the application handles error messages individually, on a one-by-one basis, this is likely to result in inconsistent error handling. The causes of errors may be lost. Also, detailed information about the causes of an error may be unintentionally returned to the user.
Products Associated with CVE-2024-41768
stack.watch emails you whenever new vulnerabilities are published in IBM Engineering Lifecycle Optimization Publishing or IBM Engineering Lifecycle Optimization. Just hit a watch button to start following.
Affected Versions
IBM Engineering Lifecycle Optimization Publishing Version 7.0.2, 7.0.3 is affected by CVE-2024-41768Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.