The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerability: libcurl is vulnerable to a denial of service.
CVEID:CVE-2018-16840
DESCRIPTION: cURL is vulnerable to a denial of service, caused by a heap use-after-free flaw in the Curl_close function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152299> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected IBM ILOG CPLEX Optimization Studio | Affected Versions |
---|---|
IBM ILOG CPLEX Optimization Studio | 12.8 |
Please replace the initial DLL version 7.54.1.0 with the fixed version 7.60.0.0 available on Fix Central.
MD checksum: 04e1fe45fce57cd33a7b803230d06c35
For information, here is the path of the DLL:
<Installation directory>\cplex\bin\x64_win64\libcurl.dll
There is no workaround or mitigation.
CPE | Name | Operator | Version |
---|---|---|---|
ibm ilog cplex optimization studio | eq | 12.8 |