The vulnerability in CVE-2021-3712 has been addressed in the latest interim Fix (iFix) available on Fix Central for all 3 affected versions. Please note that this CVE only impacts the MessageBroker Suite of MDM Standard Edition (SE).
**CVEID:** CVE-2021-3712
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this vulnerability to read contents of memory on the system or perform a denial of service attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208073 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
InfoSphere Master Data Management | 12.0 |
InfoSphere Master Data Management | 11.5 |
InfoSphere Master Data Management | 11.6 |
This issue with OpenSSL has been resolved, and the fix is available on Fix Central as an iFix for clients to apply.
Depending on the version a client is running, they should apply the latest iFix package available for the 3 impacted MDM versions: 11.5.0, 11.6.0 and 12.0.
Please note that this vulnerability only impacts the MessageBroker Suite of MDM Standard Edition (SE).
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | infosphere_master_data_management | 11.5 | cpe:2.3:a:ibm:infosphere_master_data_management:11.5:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 11.6 | cpe:2.3:a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 12.0 | cpe:2.3:a:ibm:infosphere_master_data_management:12.0:*:*:*:*:*:*:* |