IBM MQ Appliance has addressed the following OpenSSL vulnerability.
CVEID: CVE-2017-3736
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions:
IBM MQ Appliance 8.0: Maintenance levels between 8.0.0.0 and 8.0.0.9
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release: Continuous delivery updates between 9.0.1 and 9.0.5
Remediation:
IBM MQ Appliance 8.0: Apply the iFix for APAR IT25249
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release: Apply the iFix for APAR IT25249
None