Lucene search

K
ibmIBM4511672ABAC390A4740AC1F29036DE569FF668CA2A6F1C99BEF85003E83955A7
HistoryOct 04, 2021 - 3:50 p.m.

Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2021-22924)

2021-10-0415:50:21
www.ibm.com
19

EPSS

0.002

Percentile

53.6%

Summary

The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerability: libcurl is vulnerable to an unspecified error with bad connection reused.

Vulnerability Details

CVEID:CVE-2021-22924
**DESCRIPTION:**An unspecified error with bad connection reused due to improper path name validation in cURL libcurl has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM ILOG CPLEX Optimization Studio (COS) 20.1.0.1

IBM ILOG CPLEX Optimization Studio (COS)| 20.1

IBM ILOG CPLEX Optimization Studio (COS)| 12.10

IBM ILOG CPLEX Optimization Studio (COS)| 12.9
IBM ILOG CPLEX Optimization Studio (COS)| 12.8

Remediation/Fixes

Please replace the initial DLL version with the fixed version 7.79.1 available on Fix Central.
MD checksum: 343C94A75FD43F7F04CDE8A079C58E67

How to upgrade:

  • locate the CPLEX binaries directory: %CPLEX_STUDIO_DIR%/cplex/bin/x64_win64 where %CPLEX_STUDIO_DIR% is the location where your CPLEX is installed.
  • download the new libcurl.dll
  • copy libcurl.dll to your CPLEX binaries directory (you might need administrative rights).

Workarounds and Mitigations

There is no workaround or mitigation