IBM has addressed the aplicable CVE
CVEID:CVE-2021-23840
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196848 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM DataPower Gateway | 2018.4.1.0-2018.4.1.16 |
Affected Product
| Fixed in Version
| APAR
—|—|—
2018.4.1
| 2018.4.1.17
| IT37298
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm datapower gateway | eq | 2018.4.1 |