Cyber Posture

CVE-2024-41766

High

Published: 04 January 2025

Modified: 21 March 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0012 (30.4th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression.

Security Summary

CVE-2024-41766 is a denial-of-service vulnerability affecting IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. The flaw, classified under CWE-1333, arises from the use of a complex regular expression whose evaluation can be driven to consume excessive resources, leading to service disruption. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): high severity, because the availability impact is significant and the attack requires neither authentication nor user interaction.

A remote attacker can exploit this vulnerability over the network with low complexity and no privileges by sending a specially crafted request containing a complex regular expression. Successful exploitation results in a denial of service, potentially crashing the affected service or rendering it unresponsive; the vector's C:N/I:N ratings reflect that it does not enable data exfiltration, modification, or privilege escalation.

IBM has published a security advisory at https://www.ibm.com/support/pages/node/7180203 providing details on the vulnerability and available patches or workarounds for mitigation. Security practitioners should review the advisory for version-specific remediation steps to protect affected deployments.

Details

CWE(s): CWE-1333

Affected Products

Vendor: IBM
Product: Engineering Lifecycle Optimization - Publishing
Versions: 7.0.2, 7.0.3

References