History: Oct 04, 2021 - 3:50 p.m.

Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2021-22924)

Source: www.ibm.com
EPSS: 0.002 (Low), percentile 53.7%

Summary

The Community Edition of IBM ILOG CPLEX Optimization Studio, on the Windows platform only, has addressed the following vulnerability: libcurl is vulnerable to an unspecified error with bad connection reuse.

Vulnerability Details

CVEID: CVE-2021-22924
**DESCRIPTION:** An unspecified error with bad connection reuse, due to improper path name validation in cURL libcurl, has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM ILOG CPLEX Optimization Studio (COS) | 20.1.0.1
IBM ILOG CPLEX Optimization Studio (COS) | 20.1
IBM ILOG CPLEX Optimization Studio (COS) | 12.10
IBM ILOG CPLEX Optimization Studio (COS) | 12.9
IBM ILOG CPLEX Optimization Studio (COS) | 12.8

Remediation/Fixes

Replace the libcurl.dll originally installed with the product with the fixed version 7.79.1, available on Fix Central.
MD checksum: 343C94A75FD43F7F04CDE8A079C58E67

How to upgrade:

  • Locate the CPLEX binaries directory: %CPLEX_STUDIO_DIR%/cplex/bin/x64_win64, where %CPLEX_STUDIO_DIR% is the location where your CPLEX is installed.
  • Download the new libcurl.dll.
  • Copy libcurl.dll to your CPLEX binaries directory (you might need administrative rights).

Workarounds and Mitigations

There is no workaround or mitigation.