Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4CE1B2F6454C1BD94457E47D668B97B231076132166B23B18741F946099CC719
HistoryJul 28, 2021 - 1:30 p.m.

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM InfoSphere Information Server

2021-07-2813:30:18
www.ibm.com
14

0.008 Low

EPSS

Percentile

82.3%

JSON

Summary

Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed.

Vulnerability Details

CVEID:CVE-2021-23840
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196848 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-3450
**DESCRIPTION:**OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198754 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
InfoSphere Information Server, Information Server on Cloud 11.7 JR63623
--Upgrade to DataDirect ODBC drivers version 7.1.6
--Use Technote to choose which OpenSSL version the drivers will use
--Use Technote to follow additional post installation configuration steps

Workarounds and Mitigations

None

CPENameOperatorVersion
infosphere information servereq11.7

Related

gentoo 1
nessus 55
alpinelinux 2
rustsec 2
ibm 29
osv 13
redhatcve 3
openssl 2
ubuntucve 2
openvas 34
prion 2
debiancve 2
nvd 2
f5 2
cloudlinux 1
githubexploit 1
cve 2
mscve 1
cvelist 2
veracode 2
github 2
oraclelinux 7
altlinux 4
ics 1
mageia 2
amazon 2
suse 1
redhat 6
thn 1
attackerkb 2
freebsd_advisory 2
photon 2
rocky 1
debian 2
freebsd 1
archlinux 1
cisco 1
centos 1
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2021-03-31 00:00:00
nessus
nessus
GLSA-202103-03 : OpenSSL: Multiple vulnerabilities
2021-04-01 00:00:00
Photon OS 4.0: Openssl PHSA-2021-4.0-0007
2021-04-07 00:00:00
Nessus Network Monitor < 5.13.1 Multiple Vulnerabilities (TNS-2021-09)
2021-05-12 00:00:00
alpinelinux
alpinelinux
CVE-2021-23840
2021-02-16 17:15:13
CVE-2021-3450
2021-03-25 15:15:13
rustsec
rustsec
Integer overflow in CipherUpdate
2021-05-01 12:00:00
CA certificate check bypass with X509_V_FLAG_X509_STRICT
2021-05-01 12:00:00
ibm
ibm
Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway
2021-03-18 23:22:56
Security Bulletin: Multiple Security Vulnerabilities fixed in Openssl as shipped with IBM Security Verify products
2021-07-28 20:40:18
Security Bulletin: IBM MQ is vulnerable to an issue within OpenSSL (CVE-2021-23840)
2021-06-22 17:33:28
osv
osv
Integer overflow in CipherUpdate
2021-05-01 12:00:00
Integer Overflow in openssl-src
2021-08-25 20:52:19
CVE-2021-23840
2021-02-16 17:15:13
redhatcve
redhatcve
CVE-2021-23840
2021-02-18 17:04:10
CVE-2021-3450
2021-03-25 14:58:02
CVE-2020-36242
2021-02-08 13:33:48
openssl
openssl
Vulnerability in OpenSSL CVE-2021-23840
2021-02-16 00:00:00
Vulnerability in OpenSSL CVE-2021-3450
2021-03-25 00:00:00
ubuntucve
ubuntucve
CVE-2021-23840
2021-02-16 00:00:00
CVE-2021-3450
2021-03-25 00:00:00
openvas
openvas
Tenable Nessus Network Monitor 5.11.0 - 5.13.0 Multiple Vulnerabilities (TNS-2021-09)
2022-12-20 00:00:00
OpenSSL: Integer overflow in CipherUpdate (CVE-2021-23840) - Linux
2021-02-17 00:00:00
OpenSSL: CA Certificate Check Bypass Vulnerability (CVE-2021-3450) - Linux
2021-03-26 00:00:00
prion
prion
Design/Logic Flaw
2021-03-25 15:15:00
Design/Logic Flaw
2021-02-16 17:15:00
debiancve
debiancve
CVE-2021-3450
2021-03-25 15:15:13
CVE-2021-23840
2021-02-16 17:15:13
nvd
nvd
CVE-2021-3450
2021-03-25 15:15:13
CVE-2021-23840
2021-02-16 17:15:13
f5
f5
K52171694 : OpenSSL vulnerability CVE-2021-3450
2021-03-26 00:00:00
K24624116 : OpenSSL vulnerability CVE-2021-23840
2021-02-18 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-23840
2021-09-21 22:03:05
githubexploit
githubexploit
Exploit for Integer Overflow or Wraparound in Openssl
2023-09-11 09:24:54
cve
cve
CVE-2021-23840
2021-02-16 17:15:13
CVE-2021-3450
2021-03-25 15:15:13
mscve
mscve
OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT
2021-10-12 07:00:00
cvelist
cvelist
CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT
2021-03-25 00:00:00
CVE-2021-23840 Integer overflow in CipherUpdate
2021-02-16 00:00:00
veracode
veracode
Privilege Escalation
2021-03-25 16:37:03
Denial Of Service (DoS)
2021-02-17 18:09:31
github
github
Certificate check bypass in openssl-src
2021-08-25 20:54:00
Integer Overflow in openssl-src
2021-08-25 20:52:19
oraclelinux
oraclelinux
openssl security update
2021-10-13 00:00:00
openssl security and bug fix update
2021-11-16 00:00:00
openssl security update
2021-03-29 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1j-alt1
2021-03-12 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1j-alt1
2021-03-17 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1k-alt1
2021-03-29 00:00:00
ics
ics
Mitsubishi Electric MELSOFT GT OPC UA
2022-05-10 12:00:00
mageia
mageia
Updated openssl and compat-openssl10 packages fix security vulnerabilities
2021-03-04 19:53:32
Updated openssl packages fix security vulnerability
2021-04-05 18:54:07
amazon
amazon
Medium: openssl
2021-02-23 20:18:00
Important: openssl11
2021-03-25 18:31:00
suse
suse
Security update for openssl-1_0_0 (moderate)
2021-03-17 00:00:00
redhat
redhat
(RHSA-2021:4424) Moderate: openssl security and bug fix update
2021-11-09 09:21:13
(RHSA-2021:1203) Important: Red Hat JBoss Web Server 3.1 Service Pack 12 security update
2021-04-14 17:52:55
(RHSA-2021:1195) Important: Red Hat JBoss Web Server 5.4.2 Security Update
2021-04-14 14:22:39
thn
thn
OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities
2021-03-26 14:56:00
attackerkb
attackerkb
CVE-2021-3450
2021-03-25 00:00:00
OpenSSL TLS Server Crash (NULL pointer dereference) — CVE-2021-3449
2021-03-25 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-21:07.openssl
2021-03-25 00:00:00
FreeBSD-SA-21:17.openssl
2021-08-24 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0331
2021-03-25 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0325
2021-03-05 00:00:00
rocky
rocky
edk2 security, bug fix, and enhancement update
2021-11-09 08:37:02
debian
debian
[SECURITY] [DLA 2565-1] openssl1.0 security update
2021-02-18 18:10:13
[SECURITY] [DLA 2563-1] openssl security update
2021-02-18 12:11:49
freebsd
freebsd
OpenSSL -- Multiple vulnerabilities
2021-03-25 00:00:00
archlinux
archlinux
[ASA-202103-10] openssl: multiple issues
2021-03-25 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021
2021-03-25 16:00:00
centos
centos
openssl security update
2021-11-17 14:51:29

0.008 Low

EPSS

Percentile

82.3%

JSON
Related for 4CE1B2F6454C1BD94457E47D668B97B231076132166B23B18741F946099CC719
gentoo1nessus55alpinelinux2rustsec2ibm29osv13redhatcve3openssl2ubuntucve2openvas34prion2debiancve2nvd2f52cloudlinux1githubexploit1cve2mscve1cvelist2veracode2github2oraclelinux7altlinux4ics1mageia2amazon2suse1redhat6thn1attackerkb2freebsd_advisory2photon2rocky1debian2freebsd1archlinux1cisco1centos1