CVE-2024-45662

High

Published: 18 January 2025

Published

18 January 2025

Modified

14 August 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0018 39.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-45662 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Ibm Safer Payments. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 39.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-5 Denial-of-service Protection good match

prevent

Directly implements denial-of-service protections to prevent remote attackers from exhausting system resources with specially crafted requests.

SC-6 Resource Availability good match

prevent

Protects resource availability by implementing dedicated resource allocation or controls to mitigate improper resource allocation leading to exhaustion.

SI-2 Flaw Remediation good match

prevent

Requires identification, reporting, and timely remediation of flaws like this improper resource allocation vulnerability through patching.

NVD Description

IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources.

Deeper analysisAI

CVE-2024-45662 is a vulnerability in IBM Safer Payments versions 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03, stemming from improper allocation of resources (CWE-770). This flaw allows a remote attacker to cause a denial of service by exhausting system resources. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting high severity due to its network-based, unauthenticated nature with significant availability impact.

An unauthenticated remote attacker can exploit this by sending specially crafted requests that trigger inefficient resource allocation, leading to denial of service. This disrupts the availability of IBM Safer Payments services, such as payment processing, without compromising confidentiality, integrity, or enabling code execution.

IBM's advisory at https://www.ibm.com/support/pages/node/7173765 details the issue and advises applying the corresponding fix packs for affected versions to remediate the vulnerability. Security practitioners should prioritize patching and monitor for unusual resource usage patterns indicative of exploitation attempts.

Details

CWE(s): CWE-770

Affected Products

ibm

safer payments

6.4.0.00 — 6.4.2.08 · 6.5.0.00 — 6.5.0.06 · 6.6.0.00 — 6.6.0.03

CVEs Like This One

CVE-2025-36070Same vendor: Ibm

CVE-2026-1376Same vendor: Ibm

CVE-2024-41742Same vendor: Ibm

CVE-2024-41743Same vendor: Ibm

CVE-2024-49352Same vendor: Ibm

CVE-2023-49886Same vendor: Ibm

CVE-2026-0977Same vendor: Ibm

CVE-2026-1343Same vendor: Ibm

CVE-2023-38010Same vendor: Ibm

CVE-2026-4788Same vendor: Ibm

References

https://www.ibm.com/support/pages/node/7173765
Vendor Advisory · psirt@us.ibm.com