Medium: openssl

🗓️ 22 Mar 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 3 Views

OpenSSL vulnerable to data exposure in AES OCB mode and incorrect cipher handling in legacy functions.

Reporter	Title	Published	Views	Family All 472
IBM Security Bulletins	Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go	31 Aug 202216:17	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2022-1292 and CVE-2022-2068) or an attacker may obtain sensitive information (CVE-2022-2097) due to OpenSSL	19 Aug 202216:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server	25 Jan 202316:00	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.	11 Apr 202311:47	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Linux Kernel, OpenSSL, Golang Go, and Zlib may affect IBM Spectrum Protect Plus	17 Sep 202206:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities	25 Jul 202313:36	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus	14 Nov 202214:13	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Linux Kernel and OpenSSL may affect IBM Spectrum Copy Data Management	17 Sep 202201:21	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors	30 Dec 202212:37	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	openssl	3.0.8-1.amzn2023.0.1	openssl-3.0.8-1.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	openssl	3.0.8-1.amzn2023.0.1	openssl-3.0.8-1.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	openssl-debuginfo	3.0.8-1.amzn2023.0.1	openssl-debuginfo-3.0.8-1.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	openssl-debuginfo	3.0.8-1.amzn2023.0.1	openssl-debuginfo-3.0.8-1.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	openssl-debugsource	3.0.8-1.amzn2023.0.1	openssl-debugsource-3.0.8-1.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	openssl-debugsource	3.0.8-1.amzn2023.0.1	openssl-debugsource-3.0.8-1.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	openssl-devel	3.0.8-1.amzn2023.0.1	openssl-devel-3.0.8-1.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	openssl-devel	3.0.8-1.amzn2023.0.1	openssl-devel-3.0.8-1.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	openssl-libs	3.0.8-1.amzn2023.0.1	openssl-libs-3.0.8-1.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	openssl-libs	3.0.8-1.amzn2023.0.1	openssl-libs-3.0.8-1.amzn2023.0.1.x86_64.rpm

22 Mar 2023 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 25

CVSS 3.17.5

EPSS0.19455

SSVC

openssl aes ocb mode data exposure legacy functions custom cipher encryption issue cve-2022-2097.