OpenSSL is used by IBM Events Operator as part of its Operating System (CVE-2023-0215).
CVEID:CVE-2023-0215
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a use-after-free error related to the incorrect handling of streaming ASN.1 data by the BIO_new_NDEF function. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246614 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Events Operator | 3.7.0 - 4.7.0 |
IBM strongly recommends addressing the vulnerability now by upgrading
Upgrade to IBM Events Operator 4.8.0.
This gets included into IBM Common Services and is included in 3.19.x, 3.23.x and 4.x channels. Follow the upgrading and migrating to upgrade to a newer version of IBM Common Services.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm events operator | ge | 3.7.0 | |
ibm events operator | le | 4.7.0 |