Feb 13, 2024 - 4:49 p.m.

Security Bulletin: Due to the use of OpenSSL, IBM CICS TX Advanced is vulnerable to a denial of service (DOS) (CVE-2023-3817 and CVE-2023-3446).

2024-02-13 16:49:59
www.ibm.com
ibm cics tx advanced
openssl
denial of service
vulnerability
update
dos
cve-2023-3817
cve-2023-3446
version 10.1

CVSS3: 5.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score: 7.4
Confidence: High

EPSS: 0.005
Percentile: 77.2%

Summary

There are vulnerabilities in OpenSSL when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. OpenSSL is used by IBM CICS TX Advanced to provide cryptographic functionality within its applications. An update to IBM CICS TX Advanced has been released to address the vulnerabilities.

Vulnerability Details

**CVEID:** CVE-2023-3817
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause long delays, resulting in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2023-3446
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request using long DH keys or parameters, a remote attacker could exploit this vulnerability to cause long delays, resulting in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261026 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM CICS TX Advanced | 10.1 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by updating IBM CICS TX Advanced.

| Product | Version | Platform | Remediation/Fix |
|---|---|---|---|
| IBM CICS TX Advanced | 10.1 | Linux | Download the update from Fix Central. |

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm cics_tx, Match 10.1
