SB2025030409 - Multiple vulnerabilities in IBM Event Endpoint Management

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Incorrect Regular Expression (CVE-ID: CVE-2024-21538)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

2) Infinite loop (CVE-ID: CVE-2024-55565)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop. A remote user can consume all available system resources and cause denial of service conditions.

3) Resource exhaustion (CVE-ID: CVE-2025-25193)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application attempts to load a file that does not exist. A local user can create a large file on the system and crash the application.

Note, the vulnerability affects Windows installations only.

4) Resource management error (CVE-ID: CVE-2024-47535)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an unsafe reading of an environment file on Windows. A local user can create an overly large file and perform a denial of service (DoS) attack.

5) Input validation error (CVE-ID: CVE-2025-24970)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in SslHandler when using native SSLEngine. A remote attacker can send a specially crafted packet to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/7184690