WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java. This affects IBM WebSphere Liberty used by IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs.
CVEID:CVE-2022-37734
**DESCRIPTION:**GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request using Directive overloading, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235781 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM CICS TX Standard | All |
IBM recommends you apply these fixes.
Product
| VRMF|APAR|Remediation / First Fix
—|—|—|—
IBM CICS TX Standard| 11.1| Updated Liberty is shipped along with IFIX image and made available on Fix Central|
Linux: Fix Central Link
None
CPE | Name | Operator | Version |
---|---|---|---|
cics tx standard | eq | 11.1 |