Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by OpenSSL vulnerabilities (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738)
Summary OpenSSL vulnerabilities were disclosed in August, November, and December 2017 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control (formerly Tivoli Storage Productivity Center), has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3735 DESCRIPTION: OpenSSL could...
Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by openssl vulnerabilities CVE-2021-23840 and CVE-2021-23841
Summary IBM App Connect Enterprise Certified Container may be affected by denial of service vulnerabilities in all images due to OpenSSL CVE-2021-23840 and CVE-2021-23841. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer...
Security Bulletin: This Power System update is being released to address CVE 2021-3450 and CVE 2021-3449
Summary POWER9: In response to security issues with BMC's HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE 2021-3450 and CVE 2021-3449. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a...
Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2180, CVE-2016-2182, CVE-2016-6306)
Summary OpenSSL is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2180 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker could...
[R2] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202109.1
Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable opted to...
Security Bulletin: Aspera Web Applications (Shares, Console) are affected by OpenSSL Vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)
Summary Aspera Web Applications (Shares, Console) have addressed the following OpenSSL Vulnerabilities. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of the...
Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)
Summary IBM Cloud Private is vulnerable to OpenSSL vulnerabilities Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of the logic during a padding check. If the...
Vulnerabilities fixed in OpenSSL
The developers of OpenSSL have fixed two vulnerabilities. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial of service, or potentially gain access to sensitive data, including possibly private keys currently actively in use on the system. Misu...
OPENSUSE-SU-2021:2830-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. (bsc#1189520) - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious...
Security Bulletin: IBM API Connect is impacted by multiple OpenSSL vulnerabilities
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHel...
SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2021:2353-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2353-1 advisory. Update nodejs10 to 10.24.1. Including fixes for - CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973) - CVE-2021-27290:...
OpenSSL CVE-2021-3449 and CVE-2021-3450 vulnerabilities affected certain SonicWall Products
Certain SonicWall products highlighted below are affected by the OpenSSL CVE-2021-3449 and CVE-2021-3450 vulnerabilities. Product Affected Versions ...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)
Summary IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450 with details below. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the...
Security Bulletin: IBM Watson Machine Learning Accelerator is affected by OpenSSL vulnerabilities
Summary There are vulnerabilities in OpenSSL used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator has addressed the applicable CVEs: CVE-2021-23839, CVE-2021-23840, CVE-2021-23841. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)
Summary WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sendi...
Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)
Summary IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a...
Security Bulletin: Update available for OpenSSL vulnerabilities affecting IBM Watson Speech Services 1.2.1
Summary There is an update available for OpenSSL vulnerabilities affecting IBM Watson Speech Services 1.2.1. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a...
OpenSSL Vulnerabilities Mar 2021
Summary Symantec Network and Information Security (NIS) products using affected versions of OpenSSL may be susceptible to two vulnerabilities. A remote attacker may be able to cause denial of service through application crashes. An application may successfully validate an invalid X.509 certificate...
OpenSSL Trust Management Issues Vulnerabilities
OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms,...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : OpenSSL vulnerabilities (USN-4738-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4738-1 advisory. Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly...