OpenSSL vulnerabilities were disclosed on November 2, 2017 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVE.
CVEID: CVE-2017-3736
Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM Sterling Connect:Direct for HP NonStop 3.6.0.0
IBM Sterling Connect:Direct for HP NonStop 3.6.0.1
IBM Sterling Connect:Direct for HP NonStop 3.6.0.2
The recommended solution is to apply the fix as soon as practical. Please see below for information about the available fixes.
VRMF | APAR | Remediation/First Fix |
---|---|---|
3.6.0 | IT23686 | Apply 3.6.0.2, iFix 008, available on Fix Central |

You should verify that applying this configuration change does not cause any compatibility issues.
None