Cyber Posture

CVE-2024-41743

High

Published: 19 January 2025

Modified: 16 July 2025
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0007 (21.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-41743 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in IBM TXSeries for Multiplatforms. Its CVSS base score is 7.5 (High).

Operationally, it is ranked at the 21.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-10 (Concurrent Session Control) and SC-5 (Denial-of-service Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: SC-6 directly enforces limits on resource allocation by process, user, or connection type, mitigating the improper resource allocation exploited via persistent connections in CVE-2024-41743.

prevent: SC-5 implements protections against denial-of-service events like resource exhaustion from persistent connections, comprehensively addressing the availability impact of CVE-2024-41743.

prevent: AC-10 limits concurrent sessions or connections, preventing attackers from exhausting resources through persistent connections as in CVE-2024-41743.

NVD Description

IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources.

Deeper analysis [AI]

IBM TXSeries for Multiplatforms 10.1 is affected by CVE-2024-41743, a vulnerability that could allow a remote attacker to cause a denial of service through the use of persistent connections. This issue stems from improper allocation of resources, mapped to CWE-770 (Allocation of Resources Without Limits or Throttling). The vulnerability received a CVSS v3.1 base score of 7.5, reflecting its high severity primarily due to the availability impact.

A remote attacker with no privileges required can exploit this vulnerability over the network with low complexity and no user interaction. By leveraging persistent connections, the attacker can trigger excessive resource consumption, leading to a denial of service condition that disrupts service availability without impacting confidentiality or integrity.

The IBM security advisory provides details on mitigation and available patches; refer to https://www.ibm.com/support/pages/node/7172103 for specific remediation steps.

Details

CWE(s)

Affected Products

ibm
txseries for multiplatforms
10.1

CVEs Like This One

CVE-2024-41742 (Same product: IBM TXSeries for Multiplatforms)
CVE-2024-43178 (Same product: Linux Linux Kernel)
CVE-2024-51476 (Same product: Linux Linux Kernel)
CVE-2025-13718 (Same product: Linux Linux Kernel)
CVE-2025-13219 (Same product: Linux Linux Kernel)
CVE-2024-45643 (Same product: Linux Linux Kernel)
CVE-2025-13726 (Same product: Linux Linux Kernel)
CVE-2025-33088 (Same product: Linux Linux Kernel)
CVE-2025-36253 (Same product: Linux Linux Kernel)
CVE-2025-13214 (Same product: Linux Linux Kernel)

References