Integration News
IBM Sterling Connect:Express for UNIX uses vulnerable version of OpenSSL
Summary
IBM Sterling Connect:Express for UNIX uses a version of OpenSSL that is vulnerable to denial of service (CVE-2024-2511). This issue has been addressed by upgrading the version of OpenSSL.
Vulnerability Details
CVEID: CVE-2024-2511
Description: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote attacker could exploit this vulnerability to cause unbounded memory growth, resulting in a denial of service condition.
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
Workarounds and Mitigations
None.