IBM6839291F5EF134F8DEFDE48AF5F167E02D33F04A8DA39CDD316A62E1466DD43ASecurity Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors
AI Score
Confidence
High
Summary
OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors for Network Transport. CVE-2024-2511 is identified as a potential risk for products using older versions of OpenSLL. These potential risks are resolved by updating IBM Tivoli Netcool System Service Monitors/Application Service Monitors to the current version of OpenSLL, 3.2.1.
Vulnerability Details
CVEID:CVE-2024-2511
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote attacker could exploit this vulnerability to cause unbounded memory growth, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287215 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Netcool System Service Monitors/Application Service Monitors | 4.0.1 |
Remediation/Fixes
| Product | VMRF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM Tivoli Netcool System Service Monitors/Application Service Monitors | 4.0.1 SP13 | PSIRTs Only | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Netcool+System+Service+Monitor&release=4.0.1.3&platform=All&function=fixId&fixids=4.0.1.3-TIV-SSM-IF0013&includeSupersedes=0&source=fc |
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | tivoli_netcool_system_service_monitors | 4.0.1 | cpe:2.3:a:ibm:tivoli_netcool_system_service_monitors:4.0.1:*:*:*:*:*:*:* |
Related
AI Score
Confidence
High