CVE-2024-41766

Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 through 7.0.3

Description The issue is related to the use of a regular expression with inefficient computational complexity in IBM Engineering Lifecycle Optimization - Publishing. This could allow a remote attacker to cause a denial of service using a complex regular expression.

Recommendations For versions 7.0.2 and 7.0.3, consider disabling the use of complex regular expressions until a patch is available. As a temporary workaround, restrict access to the affected module to minimize the risk of exploitation. Avoid using the vulnerable function related to regular expression processing in the affected software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.