High Severity

Security Bulletin: IBM Security Verify Adapters are vulnerable to denial of service and bypass security restrictions due to OpenSSL (CVE-2021-3449, CVE-2021-3450)

OpenSSL is used by the IBM Security Verify Adapters as part of their SSL communication. IBM Security Verify Adapters are vulnerable to denial of service (CVE-2021-3449) and could allow a remote attacker to bypass security restrictions (CVE-2021-3450). The fix includes OpenSSL version 1.1.1k.

CVE(s): CVE-2021-3449, CVE-2021-3450

Affected product(s) and affected version(s):

| Adapter Name | Version |
| --- | --- |
| IBM Security Verify Adapter for Lotus Notes | 7.1.16, 6.0.16 |
| IBM Security Verify Adapter for Microsoft SQL Server | 7.1.18, 6.0.18 |
| IBM Security Verify Adapter for Windows Active Directory | 10.0.1 |
| IBM Security Verify Adapter for Windows Local Accounts | 7.1.20, 6.0.20 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6589173
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198752
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198754
