Cyber Resilience

CVE-2024-45662

HighDDoS

Published: 18 January 2025

Published
18 January 2025
Modified
14 August 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0018 39.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-45662 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Ibm Safer Payments. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 39.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2024-45662 is a vulnerability in IBM Safer Payments versions 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03, stemming from improper allocation of resources (CWE-770). This flaw allows a remote attacker to cause a denial of service by exhausting system resources. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting high severity due to its network-based, unauthenticated nature with significant availability impact.

An unauthenticated remote attacker can exploit this by sending specially crafted requests that trigger inefficient resource allocation, leading to denial of service. This disrupts the availability of IBM Safer Payments services, such as payment processing, without compromising confidentiality, integrity, or enabling code execution.

IBM's advisory at https://www.ibm.com/support/pages/node/7173765 details the issue and advises applying the corresponding fix packs for affected versions to remediate the vulnerability. Security practitioners should prioritize patching and monitor for unusual resource usage patterns indicative of exploitation attempts.

EU & UK References

Vulnerability details

IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.003 Application Exhaustion Flood Impact
Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications.
Why these techniques?

Remote unauthenticated resource exhaustion DoS on public-facing app directly maps to T1190 exploitation and T1499.003 application exhaustion.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-1376Same vendor: Ibm
CVE-2025-36070Same vendor: Ibm
CVE-2023-49886Same vendor: Ibm
CVE-2024-39750Same vendor: Ibm
CVE-2026-9170Same vendor: Ibm
CVE-2026-8175Same vendor: Ibm
CVE-2026-7876Same vendor: Ibm
CVE-2024-22348Same vendor: Ibm
CVE-2024-41787Same vendor: Ibm
CVE-2025-36365Same vendor: Ibm

Affected Assets

ibm
safer payments
6.4.0.00 — 6.4.2.08 · 6.5.0.00 — 6.5.0.06 · 6.6.0.00 — 6.6.0.03

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements denial-of-service protections to prevent remote attackers from exhausting system resources with specially crafted requests.

prevent

Protects resource availability by implementing dedicated resource allocation or controls to mitigate improper resource allocation leading to exhaustion.

prevent

Requires identification, reporting, and timely remediation of flaws like this improper resource allocation vulnerability through patching.

References