7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.004 Low
EPSS
Percentile
71.2%
A vulnerability contained within a 3rd party component was identified and remediated in the IBM MaaS360 Cloud Extender Agent (V2.106.100.008) and Modules.
CVEID:CVE-2021-22924
**DESCRIPTION:**An unspecified error with bad connection reused due to improper path name validation in cURL libcurl has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2021-3712
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this vulnerability to read contents of memory on the system or perform a denial of service attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208073 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM MaaS360 Base Module | 2.105.300 and prior |
IBM MaaS360 VPN Module | 2.105.300 and prior |
IBM MaaS360 Certificate Integration Module | 2.105.300 and prior |
IBM MaaS360 Cloud Extender Agent | 2.105.300.005 and prior |
Update the IBM MaaS360 Cloud Extender to version 2.106.100.008 or greater. The Cloud Extender version 2.106.100.008 will be available on 22-November-2021
The latest Cloud Extender agent is available within the MaaS360 Administrator Portal. Instructions to upgrade the Agent is located on this IBM Documentation page. Instructions on how to upgrade the VPN Module is located on this IBM Documentation page.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm maas360 | eq | 2.101.100 |
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.004 Low
EPSS
Percentile
71.2%