IBM MQ Appliance has resolved an OpenSSL vulnerability
CVEID:CVE-2021-3712
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this vulnerability to read contents of memory on the system or perform a denial of service attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208073 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 9.2 CD |
IBM MQ Appliance | 9.2 LTS |
IBM MQ Appliance | 9.1 CD |
IBM MQ Appliance | 9.1 LTS |
This vulnerability is addressed under APAR IT38362.
IBM MQ Appliance version 9.1 LTS
Upgrade to fixpack 9.2.0.4, or later firmware.
IBM MQ Appliance version 9.1 CD
Upgrade to 9.2.4 CD, or later firmware.
IBM MQ Appliance version 9.2 LTS
Apply fixpack 9.2.0.4, or later firmware.
IBM MQ Appliance version 9.2 CD
Upgrade to 9.2.4 CD, or later firmware.
None