A Vulnerability in the OpenSSL library used by the IBM Tealeaf Customer Experience could permit a a remote attacker to obtain sensitive information.
CVEID: CVE-2017-3735**
DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
IBM Tealeaf Customer Experience v9.0.2, v9.0.1, v8.8.x and v8.7.x
Product
|
VRMF
|
Remediation/First Fix
—|—|—
IBM Tealeaf Customer Experience
|
9.0.2A
IBM Tealeaf Customer Experience
|
9.0.2
Customers using versions 9.0.1, 8.8.x and 8.7.x should upgrade to v9.0.2 and apply the fix.
None