OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors for Network Transport. CVE-2024-2511 is identified as a potential risk for products using older versions of OpenSLL. These potential risks are resolved by updating IBM Tivoli Netcool System Service Monitors/Application Service Monitors to the current version of OpenSLL, 3.2.1.
CVEID:CVE-2024-2511
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote attacker could exploit this vulnerability to cause unbounded memory growth, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287215 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Netcool System Service Monitors/Application Service Monitors | 4.0.1 |
Product | VMRF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Tivoli Netcool System Service Monitors/Application Service Monitors | 4.0.1 SP13 | PSIRTs Only | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Netcool+System+Service+Monitor&release=4.0.1.3&platform=All&function=fixId&fixids=4.0.1.3-TIV-SSM-IF0013&includeSupersedes=0&source=fc |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_netcool_system_service_monitors | 4.0.1 | cpe:2.3:a:ibm:tivoli_netcool_system_service_monitors:4.0.1:*:*:*:*:*:*:* |