The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerability: libcurl is vulnerable to an unspecified error with bad connection reused.
CVEID:CVE-2021-22924
**DESCRIPTION:**An unspecified error with bad connection reused due to improper path name validation in cURL libcurl has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM ILOG CPLEX Optimization Studio (COS) | 20.1.0.1 |
IBM ILOG CPLEX Optimization Studio (COS)| 20.1
IBM ILOG CPLEX Optimization Studio (COS)| 12.10
IBM ILOG CPLEX Optimization Studio (COS)| 12.9
IBM ILOG CPLEX Optimization Studio (COS)| 12.8
Please replace the initial DLL version with the fixed version 7.79.1 available on Fix Central.
MD checksum: 343C94A75FD43F7F04CDE8A079C58E67
How to upgrade:
%CPLEX_STUDIO_DIR%/cplex/bin/x64_win64
where %CPLEX_STUDIO_DIR%
is the location where your CPLEX is installed.libcurl.dll
libcurl.dll
to your CPLEX binaries directory (you might need administrative rights).There is no workaround or mitigation