The Community Edition of IBM ILOG CPLEX Optimization Studio, on the Windows platform only, has addressed the following vulnerability: libcurl is vulnerable to a denial of service.
CVEID: CVE-2021-22945
**DESCRIPTION:** cURL libcurl is vulnerable to a denial of service, caused by a use-after-free and double free flaw when sending data to an MQTT server. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209451 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM ILOG CPLEX Optimization Studio (COS) | 20.1.0.1 |
IBM ILOG CPLEX Optimization Studio (COS) | 20.1 |
IBM ILOG CPLEX Optimization Studio (COS) | 12.10 |
IBM ILOG CPLEX Optimization Studio (COS) | 12.9 |
IBM ILOG CPLEX Optimization Studio (COS) | 12.8 |
Please replace the initial DLL version with the fixed version 7.79.1 available on Fix Central.
MD checksum: 343C94A75FD43F7F04CDE8A079C58E67
How to upgrade:
%CPLEX_STUDIO_DIR%/cplex/bin/x64_win64
where %CPLEX_STUDIO_DIR% is the location where your CPLEX is installed.
libcurl.dll
libcurl.dll to your CPLEX binaries directory (you might need administrative rights).

There is no workaround or mitigation.
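
An added PowerShell example (not IBM's code) of the DLL replacement described above: it checks the downloaded file against the checksum published in this bulletin before copying, and checks the installed file afterwards. It assumes the "MD checksum" is MD5 (the value is 32 hex digits); `-FixedDll` and `-StudioDir` are hypothetical parameter names for the Fix Central download path and your CPLEX install location, and the timestamped backup is an added precaution.

```powershell
# Added example, not from IBM. Run from an elevated prompt if the install
# directory requires administrative rights.
param(
    [Parameter(Mandatory)][string]$FixedDll,   # hypothetical: path of the downloaded libcurl.dll
    [Parameter(Mandatory)][string]$StudioDir   # hypothetical: your CPLEX_STUDIO_DIR location
)
$ErrorActionPreference = 'Stop'

$Expected = '343C94A75FD43F7F04CDE8A079C58E67'   # checksum published in this bulletin (assumed MD5)
$BinDir   = Join-Path $StudioDir 'cplex\bin\x64_win64'
$Target   = Join-Path $BinDir 'libcurl.dll'

function Test-Md5 {
    param([string]$Path, [string]$Hash)
    # Get-FileHash returns upper-case hex; -eq on strings is case-insensitive.
    (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash -eq $Hash
}

if (-not (Test-Path -LiteralPath $Target)) { throw "No libcurl.dll found in $BinDir" }

# 1. Refuse to install a download that does not match the published checksum.
if (-not (Test-Md5 $FixedDll $Expected)) {
    throw "Checksum mismatch for $FixedDll; do not install it."
}

# 2. Nothing to do if the installed DLL is already the fixed one.
if (Test-Md5 $Target $Expected) {
    Write-Output "Already patched: $Target"
    return
}

# 3. Keep the original under a timestamped name, then replace it.
$Backup = "$Target.$(Get-Date -Format yyyyMMddHHmmss).bak"
Copy-Item -LiteralPath $Target -Destination $Backup
Copy-Item -LiteralPath $FixedDll -Destination $Target -Force

# 4. Confirm what is on disk now; roll back if the copy did not take.
if (-not (Test-Md5 $Target $Expected)) {
    Copy-Item -LiteralPath $Backup -Destination $Target -Force
    throw 'Post-copy verification failed; original DLL restored.'
}
Write-Output "Replaced $Target (backup: $Backup)"
```

Running the same script again after a successful replacement reports "Already patched", which makes it usable as a fleet-wide check for hosts that still carry the old DLL.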