IBM MQ Appliance has addressed the following OpenSSL vulnerabilities.
CVEID: CVE-2018-0732
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by sending a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144658> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-0739
DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Maintenance levels between 9.1.0.0 and 9.1.0.1
IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release
Continuous delivery updates 9.1.1
IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Apply iFix IT27359 , or later.
IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release
Apply iFix IT27359 , or later.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm mq appliance | eq | 9.1.0.0 | |
ibm mq appliance | eq | 9.1.0.1 | |
ibm mq appliance | eq | 9.1.1 |