Critical Severity

Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-3711 and CVE-2021-3712

Share this post:

OpenSSL is provided as an API available to application developers on IBM i. The OpenSSL APIs on IBM i are vulnerable to the issues described in the vulnerability details section. The applicability of each vulnerability is determined by an application’s specific use of OpenSSL. IBM i has addressed the vulnerability for applications by addressing the CVEs in the OpenSSL API implementation.

CVE(s): CVE-2021-3711, CVE-2021-3712

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM i 7.4
IBM i 7.3
IBM i 7.2
IBM i 7.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6492573
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208072
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208073

More stories

Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software – September 2021

Oct 25, 2021 8:00 pm EDT | Critical Severity

Vulnerabilities detected in Node.js versions before v14.16.2 affects IBM Rational® Application Developer for WebSphere® Software. ...read more


Security Bulletin: Vulnerabilities affect Watson Explorer Foundational Components (CVE-2021-3712, CVE-2021-3711)

Oct 22, 2021 8:03 pm EDT | Critical Severity

A critical OpenSSL buffer overflow vulnerability and possible denial of service affect IBM Watson Explorer Foundational Components. IBM Watson Explorer Foundational Components has addressed the vulnerabilities by updating the version of OpenSSL. ...read more


Security Bulletin: IBM QRadar Advisor With Watson uses components with known vulnerabilities (CVE-2020-36242, CVE-2021-33503, CVE-2020-28493)

Oct 20, 2021 8:02 pm EDT | Critical Severity

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. This update addresses these vulnerabilities. ...read more