Lucene search

K
ibmIBMEC94C08957C3FC96E55B7BF4B4A74A2D96A2DDE26A96A649E7FE9C97C31958BD
HistoryDec 13, 2021 - 3:19 p.m.

Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2021-3712

2021-12-1315:19:24
www.ibm.com
14

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

71.0%

Summary

The OpenSSL component of IBM MQ for HPE NonStop Server could allow a remote attacker to obtain sensitive information. The issue is described by CVE-2021-3712.

Vulnerability Details

CVEID:CVE-2021-3712
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this vulnerability to read contents of memory on the system or perform a denial of service attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208073 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MQ for HPE NonStop 8.1.0
IBM MQ for HPE NonStop 8.0.4

Remediation/Fixes

IBM MQ V8.1 for HPE NonStop 8.1.0.9 IT38364 Upgrade to Fixpack 8.1.0.9

Workarounds and Mitigations

None

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

71.0%