IBM MQ Appliance has addressed an OpenSSL denial of service vulnerability.
CVEID:CVE-2024-2511
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote attacker could exploit this vulnerability to cause unbounded memory growth, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287215 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 9.3 LTS |
IBM MQ Appliance | 9.3 CD |
This vulnerability is addressed under APAR IT46074
IBM strongly recommends addressing the vulnerability now.
IBM MQ Appliance version 9.3 LTS
Apply IBM MQ Appliance 9.3.0.20 fix pack, or later firmware.
IBM MQ Appliance version 9.3 CD
Apply IBM MQ Appliance 9.3.5.2 cumulative security update, or later firmware.
None