This issue was fixed in MTM 5.x and 7.x versions. In a high-availability environment with multiple servers, a failure on one of the servers could cause a service failover, which could result in data loss and service interruption for some clients. In addition, a local user could create a Denial of Service attack by sending crafted messages to the server where the IBM CCA is running.

Solution

This issue was fixed in MTM 5.x and 7.x versions. In a high-availability environment with multiple servers, a failure on one of the servers could cause a service failover, which could result in data loss and service interruption for some clients. In addition, a local user could create a Denial of Service attack by sending crafted messages to the server where the IBM CCA is running.

IBM CCA Denial of Service Vulnerability

An issue was discovered in IBM CCA. A denial of service vulnerability in the IBM CCA could be exploited locally. The vulnerability is caused by a data race condition that exists when processing XML messages with multiple simultaneous threads reading and writing to the same XML file. An attacker could exploit this vulnerability by sending crafted XML messages, which cause an infinite loop in the CCA service. An exploit requires local system access, but no authentication is required. This issue was fixed in MTM 5.x and 7.x versions.

CVE-2023-22424

This issue was fixed in MTM 6.x version. In a high-availability environment with multiple servers, a failure on one of the servers could cause a service failover, which could result in data loss and service interruption for some clients. In addition, a local user could create a Denial of Service attack by sending crafted messages to the server where the IBM CCA is running.

Details of IBM MTM Denial of Service Attacks

This issue was fixed in MTM 5.x and 7.x versions. In a high-availability environment with multiple servers, a failure on one of the servers could cause a service failover, which could result in data loss and service interruption for some clients. In addition, a local user could create a Denial of Service attack by sending crafted messages to the server where the IBM CCA is running.

Timeline

Published on: 09/23/2022 18:15:00 UTC
Last modified on: 09/27/2022 14:29:00 UTC

References