CVE-2010-4594

Name of the Vulnerable Software and Affected Versions IBM Lotus Mobile Connect versions prior to 6.1.4

Description The issue is related to a "timing hole" in the Connection Manager when HTTP Access Services (HTTP-AS) is enabled, allowing remote attackers to cause a denial of service by making many connection requests. This results in memory consumption and HTTP-AS hang due to "queue size delta errors".

Recommendations For versions prior to 6.1.4, update to version 6.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP Access Services (HTTP-AS) to minimize the risk of exploitation.