Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-9002

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-30 Jun, 2026 | 19:08
Updated At-30 Jun, 2026 | 19:30
Rejected At-
Credits

IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:30 Jun, 2026 | 19:08
Updated At:30 Jun, 2026 | 19:30
Rejected At:
▼CVE Numbering Authority (CNA)
IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM.

Affected Products
Vendor
IBM CorporationIBM
Product
WebSphere Extreme Scale
CPEs
  • cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.6:*:*:*:*:*:*:*
Versions
Affected
  • From 8.6.1.0 through 8.6.1.6 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

ProductVersion(s)APARRemediation/First FixIBM WebSphere eXtreme Scale8.6.1.0 - 8.6.1.6PH71946  For older versions, upgrade to latest fixpack 8.6.1.6 and then apply the PH71946 iFix. If you are using 8.6.1.6  directly apply the PH71946 iFix. Recommended Fixes page for WebSphere eXtreme Scale http://www.ibm.com/support/docview.wss

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.ibm.com/support/pages/node/7278346
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7278346
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:30 Jun, 2026 | 20:17
Updated At:02 Jul, 2026 | 19:59

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

IBM Corporation
ibm
>>websphere_extreme_scale>>Versions from 8.6.1.0(inclusive) to 8.6.1.6(inclusive)
cpe:2.3:a:ibm:websphere_extreme_scale:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarypsirt@us.ibm.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-400
Type: Primary
Source: psirt@us.ibm.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7278346psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7278346
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

103Records found

CVE-2026-6732
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 45.85%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 22:19
Updated-30 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via crafted xsd-validated document

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

Action-Not Available
Vendor-Red Hat, Inc.libxml2 (XMLSoft)IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2020-4307
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 41.08%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 14:30
Updated-16 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CVE-2020-4790
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 44.49%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 14:50
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_governance_and_intelligenceSecurity Identity Governance and Intelligence
CWE ID-CWE-20
Improper Input Validation
CVE-2023-27556
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.01% / 58.94%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 00:56
Updated-30 Jan, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Safer Payments denial of service

IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190.

Action-Not Available
Vendor-IBM Corporation
Product-safer_paymentsSafer Payments
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-22333
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 43.27%
||
7 Day CHG~0.00%
Published-23 Feb, 2022 | 19:45
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_external_authentication_serversterling_secure_proxySterling Secure Proxy
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-9071
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 23.19%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:47
Updated-23 Jun, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by Uncontrolled Resource Consumption

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationApple Inc.IBM Corporation
Product-windowslinux_kerneliwebsphere_application_servermacosz\/osaixWebSphere Application ServerWebSphere Application Server - Liberty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-8856
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.7||HIGH
EPSS-0.20% / 9.63%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 16:56
Updated-27 May, 2026 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.

Action-Not Available
Vendor-IBM Corporation
Product-HTTP Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6052
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.32%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:09
Updated-28 May, 2026 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kerneldb2aixlinux_on_ibm_zDb2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-9320
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.32% / 24.16%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:53
Updated-23 Jun, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationApple Inc.IBM Corporation
Product-windowslinux_kerneliwebsphere_application_servermacosz\/osaixWebSphere Application ServerWebSphere Application Server - Liberty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-7528
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.21% / 11.94%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:16
Updated-02 Jun, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.

Action-Not Available
Vendor-langflowIBM Corporation
Product-langflowLangflow OSS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-1916
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-2.70% / 84.08%
||
7 Day CHG~0.00%
Published-02 Jul, 2015 | 21:16
Updated-27 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider.

Action-Not Available
Vendor-n/aIBM Corporation
Product-javan/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-4410
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.50% / 39.13%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 12:54
Updated-01 Jun, 2026 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service

IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server - LibertyWebSphere Application Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-40692
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.07% / 60.88%
||
7 Day CHG~0.00%
Published-03 Dec, 2023 | 23:51
Updated-13 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-32341
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 44.67%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:58
Updated-02 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator denial of service

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6051
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.49%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:07
Updated-28 May, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kerneldb2aixlinux_on_ibm_zDb2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-22874
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 10.80%
||
7 Day CHG~0.00%
Published-05 May, 2023 | 14:57
Updated-29 Jan, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-3669
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 19.96%
||
7 Day CHG~0.00%
Published-26 Aug, 2022 | 15:25
Updated-03 Nov, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

Action-Not Available
Vendor-n/aFedora ProjectIBM CorporationLinux Kernel Organization, IncDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_for_ibm_z_systemsenterprise_linuxenterprise_linux_eusspectrum_protect_plusenterprise_linux_for_power_little_endianenterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_for_nfv_tusopenshift_container_platformcodeready_linux_builderenterprise_linux_for_real_time_tusvirtualization_hostdebian_linuxenterprise_linux_server_ausenterprise_linux_for_power_little_endian_eusspectrum_copy_data_managemententerprise_linux_for_ibm_z_systems_euslinux_kernelenterprise_linux_server_tusbuild_of_quarkusfedoradeveloper_toolsenterprise_linux_ausenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_real_timekernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2012-4863
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.17% / 63.52%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 13:49
Updated-06 Aug, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability

Action-Not Available
Vendor-IBM Corporation
Product-websphere_mqWebSphere MQ
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-43893
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.41% / 33.40%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 01:58
Updated-13 Sep, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Privilege denial of service

IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. IBM X-Force ID: 240634.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM Corporation
Product-security_verify_privilege_on-premisesmacoswindowsSecurity Verify Privilege
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-43880
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.17% / 6.53%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 15:34
Updated-24 Apr, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar WinCollect Agent

IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_wincollectQRadar WinCollect Agent
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-45167
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.25% / 16.48%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 03:52
Updated-03 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX denial of service

IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIX
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2026-0992
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.9||LOW
EPSS-0.31% / 22.55%
||
7 Day CHG+0.01%
Published-15 Jan, 2026 | 14:20
Updated-30 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via crafted xml catalogs

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Action-Not Available
Vendor-libxml2 (XMLSoft)Red Hat, Inc.IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-39165
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.18% / 8.25%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 18:48
Updated-15 Apr, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX denial of service

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIX
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-39164
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.18% / 8.25%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 19:26
Updated-10 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX denial of service

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 235181.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIX
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-4049
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.33% / 24.48%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 18:25
Updated-17 Sep, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.

Action-Not Available
Vendor-IBM Corporation
Product-mqMQ
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-42031
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-1.03% / 59.39%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 17:50
Updated-11 Sep, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX denial of service

IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelaixcics_txCICS TX AdvancedCICS TX StandardTXSeries for Multiplatforms
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-33168
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 50.93%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 01:19
Updated-12 Dec, 2024 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Suite VA denial of service

IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_suite_vaSecurity Directory Suite VA
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-38737
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.79% / 51.83%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 18:07
Updated-02 Oct, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty denial of service

IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server Liberty
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-38741
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.80% / 52.13%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 17:19
Updated-09 Oct, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms denial of service

IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformlinux_kernelhp-uxwindowsaixTXSeries for Multiplatformstxseries_for_multiplatforms
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5023
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-2.31% / 81.31%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 17:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-4956
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.42% / 33.74%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 15:05
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_operations_centerSpectrum Protect Operations Center
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-4766
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.47% / 70.56%
||
7 Day CHG~0.00%
Published-22 Jan, 2021 | 16:50
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.

Action-Not Available
Vendor-IBM Corporation
Product-mq_internet_pass-thruMQ Internet Pass-Thru
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-4183
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-3.52% / 87.80%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:05
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-4080
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.12% / 86.26%
||
7 Day CHG~0.00%
Published-02 Apr, 2019 | 13:20
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-4046
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-3.22% / 86.67%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 18:15
Updated-17 Sep, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-31006
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.89% / 55.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2024 | 01:05
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Container denial of service

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockersecurity_verify_accessSecurity Verify Access ApplianceSecurity Verify Access Docker
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-30999
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-1.03% / 59.64%
||
7 Day CHG~0.00%
Published-03 Feb, 2024 | 00:31
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager denial of service

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockersecurity_verify_accessSecurity Verify Access ApplianceSecurity Verify Access Dockersecurity_verify_access_dockersecurity_verify_access
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-1786
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.43% / 82.19%
||
7 Day CHG~0.00%
Published-12 Nov, 2018 | 16:00
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-tivoli_storage_managerlinux_kerneltivoli_storage_manager_for_virtual_environments_data_protection_for_vmwarespectrum_protectwindowsspectrum_protect_for_virtual_environments_data_protection_for_hyper-vtivoli_storage_manager_for_virtual_environments_data_protection_for_hyper-vspectrum_protect_manager_for_virtual_environments_data_protection_for_vmwareSpectrum Protect
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-43740
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 51.15%
||
7 Day CHG~0.00%
Published-14 Oct, 2023 | 15:13
Updated-16 Sep, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access denial of service

IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_oidc_providerSecurity Verify Access
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-34335
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.71% / 49.08%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 16:42
Updated-08 Apr, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Partner Engagement Manager denial of service

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-linux_kernelsterling_partner_engagement_managerSterling Partner Engagement Manager
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-3768
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-1.24% / 65.41%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 19:00
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease.

Action-Not Available
Vendor-IBM CorporationLenovo Group Limited
Product-system_x3530_m4_firmwaresystem_x3650_m5bladecenter_hs23e_firmwaresystem_x3100_m5_firmwarebladecenter_hs22_firmwarebladecenter_hs23eflex_system_x222_m4_firmwaresystem_x3630_m4nextscale_nx360_m4_firmwaresystem_x3550_m5flex_system_x280_x6system_x3650_m4_firmwareidataplex_dx360_m4_firmwaresystem_x3650_m4_hd_firmwaresystem_x3300_m4flex_system_x880_firmwaresystem_x3550_m5_firmwarenextscale_nx360_m5_firmwaresystem_x3250_m5system_x3650_m4_hdsystem_x3250_m6_firmwaresystem_x3750_m4_firmwareflex_system_x240_m4_firmwareflex_system_x240_m5_firmwareflex_system_x880_m4_firmwareflex_system_x280_m4system_x3550_m4system_x3650_m4_bd_firmwareflex_system_x880system_x3950_x6flex_system_x280_m4_firmwaresystem_x3750_m4system_x3550_m4_firmwareflex_system_x222_m4flex_system_x220_m4system_x3500_m4_firmwaresystem_x3100_m5idataplex_dx360_m4_water_cooledsystem_x3250_m5_firmwareflex_system_x440_m4system_x3650_m4idataplex_dx360_m4_water_cooled_firmwareflex_system_x280_x6_firmwareflex_system_x440_m4_firmwaresystem_x3630_m4_firmwareflex_system_x480_m4bladecenter_hs22flex_system_x480_m4_firmwareflex_system_x220_m4_firmwaresystem_x3850_x6_firmwarenextscale_nx360_m4nextscale_nx360_m5bladecenter_hs23system_x3100_m4_firmwaresystem_x3250_m4system_x3250_m6system_x3850_x6idataplex_dx360_m4system_x3650_m4_bdbladecenter_hs23_firmwareflex_system_x880_m4system_x3500_m5_firmwareflex_system_x480_x6_firmwaresystem_x3650_m5_firmwaresystem_x3950_x6_firmwaresystem_x3500_m5flex_system_x240_m5flex_system_x480_x6system_x3250_m4_firmwaresystem_x3300_m4_firmwaresystem_x3500_m4system_x3100_m4system_x3530_m4flex_system_x240_m4Integrated Management Module 2 (IMM2)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-1794
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-1.23% / 65.14%
||
7 Day CHG~0.00%
Published-19 Sep, 2018 | 15:00
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_monitoringTivoli Monitoring
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-22332
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 44.67%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:54
Updated-01 Aug, 2024 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Integration Bus for z/OS denial of service

The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.

Action-Not Available
Vendor-IBM Corporation
Product-integration_busIntegration Bus for z/OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-47150
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 46.55%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 14:01
Updated-04 Feb, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Common Cryptographic Architecture denial of service

IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.

Action-Not Available
Vendor-IBM Corporation
Product-Common Cryptographic Architecture
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-31365
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 30.42%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 18:16
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX2300, EX3400 and EX4300 Series: An Aggregated Ethernet (AE) interface will go down due to a stream of specific layer 2 frames

An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS). By continuously sending a stream of specific layer 2 frames an attacker will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS EX4300 Series All versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS EX3400 and EX4300-MP Series All versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S9, 18.4R3-S7; 19.1 versions prior to 19.1R2-S3, 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS EX2300 Series All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4300-mpjunosex4300ex3400ex2300Junos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-37148
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 14.24%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 16:43
Updated-14 Oct, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Panic triggered by Modified Ethernet Frames leads to Denial of Service Vulnerability

A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore functionality.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-ArubaOS (AOS)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-50212
Matching Score-4
Assigner-8fc372e3-d9c5-46e4-9410-38469745c639
ShareView Details
Matching Score-4
Assigner-8fc372e3-d9c5-46e4-9410-38469745c639
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.03%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 07:32
Updated-04 Jun, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary Remote Device Unbinding

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.

Action-Not Available
Vendor-Acer Inc.
Product-connect_m6e_5g_firmwareconnect_m6e_5gConnect M6E 5G Portable WiFi Router
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-22191
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 27.46%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 15:50
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic

A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosex4300Junos OS
CWE ID-CWE-410
Insufficient Resource Pool
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-22155
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 32.11%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 00:20
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: ACX5448: FPC memory leak due to IPv6 neighbor flaps

An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosacx5448Junos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-20691
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.63% / 45.61%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 16:56
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart. Cisco has released firmware updates that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ata_192_firmwareata_190ata_190_firmwareata_191_firmwareata_191ata_192Cisco Analog Telephone Adaptor (ATA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found