Cyber Resilience

CVE-2024-41742

HighDDoS

Published: 19 January 2025

Published
19 January 2025
Modified
16 July 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0007 22.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-41742 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Ibm Txseries For Multiplatforms. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 22.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2024-41742 is a denial-of-service vulnerability in IBM TXSeries for Multiplatforms 10.1, stemming from improper enforcement of timeouts on individual read operations. This flaw, mapped to CWE-770 (Allocation of Resources Without Limits or Throttling), allows slowloris-type attacks to overwhelm the affected component.

A remote attacker requires no privileges or user interaction and can exploit this over the network with low attack complexity. Successful exploitation results in high availability impact, causing a denial of service, as reflected in the CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

IBM has published a security advisory with details on the vulnerability at https://www.ibm.com/support/pages/node/7172103.

EU & UK References

Vulnerability details

IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of…

more

service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability directly enables application-layer DoS via Slowloris-style connection exhaustion (T1499.004 Application or System Exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-41743Same product: Ibm Txseries For Multiplatforms
CVE-2026-1718Same product: Linux Linux Kernel
CVE-2025-21717Same product: Linux Linux Kernel
CVE-2026-43006Same product: Linux Linux Kernel
CVE-2025-21794Same product: Linux Linux Kernel
CVE-2026-31557Same product: Linux Linux Kernel
CVE-2026-23139Same product: Linux Linux Kernel
CVE-2026-31539Same product: Linux Linux Kernel
CVE-2026-31676Same product: Linux Linux Kernel
CVE-2026-43029Same product: Linux Linux Kernel

Affected Assets

ibm
txseries for multiplatforms
10.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates slowloris-type DoS attacks by implementing denial-of-service protections, including enforcement of timeouts on read operations to prevent resource exhaustion.

prevent

Remediates the specific flaw in improper timeout enforcement on individual read operations through timely application of vendor patches from the IBM advisory.

prevent

Protects system resource availability by allocating resources with throttling and safeguards against unthrottled read operations that lead to denial of service.

References