Software AG ARIS Lack of Rate Limiting in File Upload Functionality Allowing Resource Exhaustion

Vulnerability

A denial-of-service vulnerability has been identified in Software AG ARIS versions through 10.0.23.0.3587512. The issue arises because the file upload feature does not implement any rate limiting or throttling, enabling users to upload files at an unrestricted pace. This lack of control can be exploited to quickly upload a large number of files, potentially causing resource exhaustion issues such as depleting disk space, increasing server load, or degrading overall performance.

Impact

Exploitation of this vulnerability can lead to denial-of-service conditions by causing resource exhaustion, such as filling up disk space, increasing server load, or degrading application performance.

Remediation

Users are advised to implement rate limiting on the file upload API. Instructions for updating to a fixed version can be found on the Software AG website.
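
A sketch of the kind of control the remediation describes, as an added example that is not Software AG's fix or ARIS code: a per-user sliding-window limiter that caps both the number of uploads and the bytes accepted, since the advisory names disk space as well as server load. The class name, thresholds and user key are assumptions, and state is held in memory for a single process.

```python
import time
from collections import defaultdict, deque

class UploadLimiter:
    """Per-user sliding-window cap on upload count and total bytes (hypothetical helper)."""
    def __init__(self, max_files=20, max_bytes=50 * 1024 * 1024, window=60.0,
                 clock=time.monotonic):
        self.max_files = max_files          # illustrative thresholds, tune per deployment
        self.max_bytes = max_bytes
        self.window = window
        self.clock = clock                  # injectable so the limiter can be tested
        self._events = defaultdict(deque)   # user -> deque of (timestamp, size)
        self._bytes = defaultdict(int)      # user -> bytes accepted inside the window

    def _expire(self, user, now):
        events = self._events[user]
        while events and now - events[0][0] >= self.window:
            _, size = events.popleft()
            self._bytes[user] -= size

    def check(self, user, size):
        """Return (allowed, retry_after_seconds); call before storing the file.

        `size` should be the byte count the server enforces while reading the
        body, not a client-declared length taken on trust.
        """
        if size < 0 or size > self.max_bytes:
            return False, None              # can never fit: reject outright (HTTP 413)
        now = self.clock()
        self._expire(user, now)
        events = self._events[user]
        over_count = len(events) >= self.max_files
        over_bytes = self._bytes[user] + size > self.max_bytes
        if over_count or over_bytes:
            # Budget frees up when the oldest accepted upload leaves the window.
            return False, self.window - (now - events[0][0])   # HTTP 429 + Retry-After
        events.append((now, size))
        self._bytes[user] += size
        return True, 0.0

if __name__ == "__main__":
    # Constructed burst: four uploads at t=0 against a limit of three per minute.
    t = [0.0]
    lim = UploadLimiter(max_files=3, max_bytes=1000, window=60.0, clock=lambda: t[0])
    for size in (100, 100, 100, 100):
        print(lim.check("alice", size))
    t[0] = 60.0
    print(lim.check("alice", 100))          # window has rolled over, allowed again
```

Rejected requests should not be written to disk at all, and a multi-node deployment would need the counters in shared storage rather than process memory.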

Added: Jan 7, 2026, 5:42 PM
Updated: Jan 7, 2026, 5:42 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.