A vulnerability in OpenSSL was disclosed by openssl.org. OpenSSL 1.0.2k, used by IBM Tivoli Composite Application Manager for Transactions (ISM), has addressed this vulnerability.
CVEID: CVE-2017-3730
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121311 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
ITCAM for Transactions includes multiple agents; this bulletin applies only to version 7.4 of the Internet Service Monitoring (ISM) agent.
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM Tivoli Composite Application Manager for Transactions (Internet Service Monitoring) | 7.4 | | http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003327 |