CVE-2024-56468

7.5 HIGH

📋 TL;DR

This vulnerability in IBM InfoSphere Data Replication VSAM for z/OS allows remote attackers to cause denial of service by sending specially crafted invalid HTTP requests to the log reading service. It affects IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 installations. The vulnerability requires network access to the affected service.

💻 Affected Systems

Products:
  • IBM InfoSphere Data Replication VSAM for z/OS Remote Source
Versions: 11.4
Operating Systems: z/OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the log reading service component when accessible over the network.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption of the log reading service, potentially affecting data replication operations and requiring service restart.

🟠 Likely Case: Temporary denial of service affecting log reading functionality, requiring service restart to recover.

🟢 If Mitigated: Minimal impact with proper network segmentation and request filtering in place.

🌐 Internet-Facing: HIGH if service is exposed to untrusted networks without proper filtering.
🏢 Internal Only: MEDIUM as it requires network access but could be exploited by internal threat actors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed HTTP requests to the vulnerable service endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply APAR PH65438

Vendor Advisory: https://www.ibm.com/support/pages/node/7239221

Restart Required: Yes

Instructions:

1. Download APAR PH65438 from IBM Fix Central.
2. Apply the fix following IBM installation procedures.
3. Restart the affected service.

🔧 Temporary Workarounds

Network Access Restriction (platform: all)

Restrict network access to the log reading service to trusted IP addresses only.

Configure firewall rules to limit access to specific source IPs.

Request Filtering (platform: all)

Implement HTTP request validation/filtering at network perimeter.

Configure WAF or proxy to filter malformed HTTP requests.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the vulnerable service
  • Deploy web application firewall with HTTP request validation rules

🔍 How to Verify

Check if Vulnerable:

Check if running IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 without APAR PH65438 applied.

Check Version:

Check IBM product documentation for version verification commands specific to your installation.

Verify Fix Applied:

Verify that APAR PH65438 is installed and that the service is running a version with the fix.

📡 Detection & Monitoring

Log Indicators:

  • Service crash/restart events
  • Malformed HTTP request patterns in access logs
  • Error messages related to HTTP parsing failures

Network Indicators:

  • Multiple malformed HTTP requests to log service endpoint
  • Unusual traffic patterns to service port

SIEM Query:

source="*ibm*" AND (event="service restart" OR event="crash") AND service="log_reading"
