CVE-2024-41742

High

Published: 19 January 2025

Published

19 January 2025

Modified

16 July 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0007 21.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-41742 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Ibm Txseries For Multiplatforms. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 21.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-5 Denial-of-service Protection good match

prevent

Directly mitigates slowloris-type DoS attacks by implementing denial-of-service protections, including enforcement of timeouts on read operations to prevent resource exhaustion.

SI-2 Flaw Remediation good match

prevent

Remediates the specific flaw in improper timeout enforcement on individual read operations through timely application of vendor patches from the IBM advisory.

SC-6 Resource Availability good match

prevent

Protects system resource availability by allocating resources with throttling and safeguards against unthrottled read operations that lead to denial of service.

NVD Description

IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of…

service.

Deeper analysisAI

CVE-2024-41742 is a denial-of-service vulnerability in IBM TXSeries for Multiplatforms 10.1, stemming from improper enforcement of timeouts on individual read operations. This flaw, mapped to CWE-770 (Allocation of Resources Without Limits or Throttling), allows slowloris-type attacks to overwhelm the affected component.

A remote attacker requires no privileges or user interaction and can exploit this over the network with low attack complexity. Successful exploitation results in high availability impact, causing a denial of service, as reflected in the CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

IBM has published a security advisory with details on the vulnerability at https://www.ibm.com/support/pages/node/7172103.

Details

CWE(s): CWE-770

Affected Products

ibm

txseries for multiplatforms

10.1

CVEs Like This One

CVE-2024-41743Same product: Ibm Txseries For Multiplatforms

CVE-2024-43178Same product: Linux Linux Kernel

CVE-2024-51476Same product: Linux Linux Kernel

CVE-2025-13718Same product: Linux Linux Kernel

CVE-2025-13219Same product: Linux Linux Kernel

CVE-2024-45643Same product: Linux Linux Kernel

CVE-2025-13726Same product: Linux Linux Kernel

CVE-2025-33088Same product: Linux Linux Kernel

CVE-2025-36253Same product: Linux Linux Kernel

CVE-2025-13214Same product: Linux Linux Kernel

References

https://www.ibm.com/support/pages/node/7172103
Vendor Advisory · psirt@us.ibm.com