{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27267", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-02-22T01:26:39.521Z", "datePublished": "2024-08-14T15:59:46.807Z", "dateUpdated": "2025-09-29T17:05:49.132Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:7.1.5.18:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:8.0.0.0:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:8.0.8.26:*:*:*:technology:*:*:*"], "defaultStatus": "unaffected", "product": "SDK, Java Technology Edition", "vendor": "IBM", "versions": [{"lessThanOrEqual": "7.1.5.18", "status": "affected", "version": "7.1.0.0", "versionType": "semver"}, {"lessThanOrEqual": "8.0.8.26", "status": "affected", "version": "8.0.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. "}], "value": "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-29T17:05:49.132Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7165421"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM SDK, Java Technology Edition denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T18:27:40.627571Z", "id": "CVE-2024-27267", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:28:56.564Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27267", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-14T18:27:40.627571Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:28:40.972Z"}}], "cna": {"title": "IBM SDK, Java Technology Edition denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:7.1.5.18:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:8.0.0.0:*:*:*:technology:*:*:*", "cpe:2.3:a:ibm:java_sdk:8.0.8.26:*:*:*:technology:*:*:*"], "vendor": "IBM", "product": "SDK, Java Technology Edition", "versions": [{"status": "affected", "version": "7.1.0.0", "versionType": "semver", "lessThanOrEqual": "7.1.5.18"}, {"status": "affected", "version": "8.0.0.0", "versionType": "semver", "lessThanOrEqual": "8.0.8.26"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7165421", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads.", "supportingMedia": [{"type": "text/html", "value": "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-29T17:05:49.132Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27267", "state": "PUBLISHED", "dateUpdated": "2025-09-29T17:05:49.132Z", "dateReserved": "2024-02-22T01:26:39.521Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-08-14T15:59:46.807Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:java_sdk:*:*:*:*:java_technology:*:*:*", "matchCriteriaId": "5DDFFC65-9A40-45B6-BEAB-AC2A72A0B0BD", "versionEndIncluding": "7.1.5.18", "versionStartIncluding": "7.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:java_sdk:*:*:*:*:java_technology:*:*:*", "matchCriteriaId": "A0954E69-2308-4A9C-B786-6FB188823ED6", "versionEndIncluding": "8.0.8.26", "versionStartIncluding": "8.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads."}, {"lang": "es", "value": "El Object Request Broker (ORB) en IBM SDK, Java Technology Edition 7.1.0.0 a 7.1.5.18 y 8.0.0.0 a 8.0.8.26 es vulnerable a la denegaci\u00f3n remota de servicio, provocada por una condici\u00f3n de ejecuci\u00f3n en la gesti\u00f3n de subprocesos de escucha de ORB. ID de IBM X-Force: 284573."}], "id": "CVE-2024-27267", "lastModified": "2025-09-29T17:15:29.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-14T16:15:10.950", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7165421"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "psirt@us.ibm.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6595", "cpe": "cpe:/a:redhat:enterprise_linux:8::supplementary", "package": "java-1.8.0-ibm-1:1.8.0.8.30-2.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-11T00:00:00Z"}], "bugzilla": {"description": "ibm-java: Race condition may cause Denial of Service", "id": "2304975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304975"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-300", "details": ["The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.", "A flaw was found in IBM SDK, Java Technology Edition. A race condition in the management of ORB listener threads can cause a remote denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27267", "public_date": "2024-08-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27267\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27267\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/284573\nhttps://www.ibm.com/support/pages/node/7165421"], "threat_severity": "Moderate"}

{}