News T2 2024 IBM Sterling Connect:Express for UNIX uses vulnerable version of OpenSSLNews T2 2024

Integration News

IBM Sterling Connect:Express for UNIX uses vulnerable version of OpenSSL

Summary

IBM Sterling Connect:Express for UNIX uses a version OpenSSL which is vulnerable to denial of service (CVE-2024-2511). This issue has been addressed by upgrading the version of OpenSSL.

Vulnerability Details

CVEID: CVE-2024-2511
Description: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote attacker could exploit this vulnerability to cause unbounded memory growth, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: Click here.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Workarounds and Mitigations

None.

Klicken Sie auf die Schaltfläche unten, um diesen Newsletter im Pdf-Format herunterzuladen.