OpenSSL is used within IBM Tivoli Netcool System Service Monitors/Application Service Monitors. CVE-2023-0464
CVEID:CVE-2023-0464
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints. By creating a specially crafted certificate chain that triggers exponential use of computational resources, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250736 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Netcool System Service Monitors/Application Service Monitors | 4.0.1 |
Product | VMRF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Tivoli Netcool System Service Monitors/Application Service Monitors | 4.0.1 SP11 | PSIRTs Only | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Netcool+System+Service+Monitor&release=4.0.1.3&platform=All&function=fixId&fixids=4.0.1.3-TIV-SSM-IF0011&includeSupersedes=0&source=fc |
None
CPE | Name | Operator | Version |
---|---|---|---|
netcool/system service monitor | eq | 4.0.1 |