CVE-2024-45662

High

Published: 18 January 2025

Published

18 January 2025

Modified

14 August 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0018 39.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources.

Security Summary

CVE-2024-45662 is a vulnerability in IBM Safer Payments versions 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03, stemming from improper allocation of resources (CWE-770). This flaw allows a remote attacker to cause a denial of service by exhausting system resources. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting high severity due to its network-based, unauthenticated nature with significant availability impact.

An unauthenticated remote attacker can exploit this by sending specially crafted requests that trigger inefficient resource allocation, leading to denial of service. This disrupts the availability of IBM Safer Payments services, such as payment processing, without compromising confidentiality, integrity, or enabling code execution.

IBM's advisory at https://www.ibm.com/support/pages/node/7173765 details the issue and advises applying the corresponding fix packs for affected versions to remediate the vulnerability. Security practitioners should prioritize patching and monitor for unusual resource usage patterns indicative of exploitation attempts.

Details

CWE(s): CWE-770

Affected Products

ibm

safer payments

6.4.0.00 — 6.4.2.08 · 6.5.0.00 — 6.5.0.06 · 6.6.0.00 — 6.6.0.03

References

https://www.ibm.com/support/pages/node/7173765
Vendor Advisory · psirt@us.ibm.com