An issue was identified with OpenSSL, which is shipped on IBM MQ for IBM i platforms and used within the Advanced Messaging Security component.
CVEID: CVE-2021-23840
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196848 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM MQ | 9.1 LTS |
IBM MQ | 9.0 LTS |
IBM MQ | 8.0 |
IBM MQ | 9.2 LTS |
This issue was addressed under APAR SE74947.
IBM MQ Version 8
IBM MQ Version 9.0
Apply interim fix for SE74947 for 9.0.0.11
IBM MQ Version 9.1 LTS
IBM MQ Version 9.2 LTS
None