OpenSSL used by IBM Events Operator as part of the Operating System (CVE-2023-0286).
CVEID:CVE-2023-0286
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker could exploit this vulnerability to read memory contents or cause a denial of service.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246611 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Events Operator | 3.7.0 - 4.7.0 |
IBM strongly recommends addressing the vulnerability now by upgrading
Upgrade to IBM Events Operator 4.8.0.
This gets included into IBM Common Services and is included in 3.19.x, 3.23.x and 4.x channels. Follow the upgrading and migrating to upgrade to a newer version of IBM Common Services.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm events operator | ge | 3.7.0 | |
ibm events operator | le | 4.7.0 |