Security Bulletin: IBM Safer Payments is vulnerable to OpenSSL Information Disclosure Problem (CVE-2021-3712)

Summary

IBM Safer Payments versions uses OpenSSL. This vulnerability is addressed.

Vulnerability Details

CVEID:CVE-2021-3712
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this vulnerability to read contents of memory on the system or perform a denial of service attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208073 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

Affected Products and Versions

Affected Product(s): IBM Safer Payments

Version(s): 5.7.0.00 - 5.7.0.14, 6.0.0.00 - 6.0.0.11, 6.1.0.00 - 6.1.0.09, 6.2.0.00 - 6.2.1.04, and 6.3.0.00 - 6.3.0.01

Remediation/Fixes

Update IBM Safer Payments to version 5.7.0.15, 6.0.0.12, 6.1.0.10, 6.2.1.05, 6.3.0.02 or higher.

Refer to the IBM Safer Payments documentation to download the updates.

Workarounds and Mitigations

None