Vulnerability Name: CVE-2023-0286 (CCN-246611) Assigned: 2023-02-07 Published: 2023-02-07 Updated: 2023-07-19 Summary: OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker could exploit this vulnerability to read memory contents or cause a denial of service. CVSS v3 Severity: 7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): High
8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 7.4 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): High
7.4 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 6.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 8.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2023-0286 openssl-cve20230286-dos(246611) openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org OpenSSL Toolkit 1.1.1t OpenSSL Toolkit 3.0.8 OpenSSL Security Advisory 20230207 Vulnerability in PyPI cryptography and Python may affect IBM Spectrum Protect Plus File Systems Agent (CVE-2023-23931, CVE-2023-0286, CVE-2023-24329) IBM Sterling Connect:Express for UNIX is affected by multiple vulnerabilities in OpenSSL Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor IBM MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities IBM Aspera faspio Gateway 1.3.2 has addressed multiple openssl vulnerabilities (CVE-2023-0401, CVE-2022-4203, CVE-2022-4304, CVE-2023-0216, CVE-2023-0215, CVE-2022-4450, CVE-2023-0217, CVE-2023-0286) IBM QRadar WinCollect agent has multiple vulnerabilities IBM Watson Explorer affected by vulnerability in OpenSSL. Multiple vulnerabilities within OpenSSL and Node.js affect IBM App Connect Enterprise and IBM Integration Bus Vulnerabilites in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286) Watson AI Gateway for Cloud Pak for Data is vulnerable to an OpenSSL denial of service caused by a type confusion error (CVE-2023-0286) Multiple vulnerabilities in OpenSSL affect AIX Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus z/Transaction Processing Facility is affected by multiple OpenSSL vulnerabilities. Vulnerability in cryptography affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2023-0286] IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL IBM Cloud Pak for Network Automation 2.4.5 addresses multiple security vulnerabilities Due to use of OpenSSL, IBM Virtualization Engine TS7700 is vulnerable to denial of service (CVE-2023-0215, CVE-2023-0286) and information disclosure (CVE-2022-4304) IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service and remote attack due to OpenSSL and cURL libcurl. (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286 & CVE-2022-42915). OpenSSL publicly disclosed vulnerability affects IBM? MobileFirst Platform Multiple publicly disclosed OpenSSL vulnerabilities affect IBM Safer Payments IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, openssl, gnutls, libarchive and libsepol IBM MQ Appliance affected by multiple OpenSSL vulnerabilities IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service and loss of confidentiality due to [CVE-2022-4304], [CVE-2023-0215], [CVE-2023-0286] IBM DataPower Gateway affected by multiple CVEs in OpenSSL IBM API Connect is vulnerable to OpenSSL vulnerabilities (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286) IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities OpenSSL for IBM i is vulnerable to denial of service attacks and the ability for remote attacker to obtain sensitive information due to multiple vulnerabilities. CVE-2023-0286 may affect IBM CICS TX Advanced 10.1 Vulnerability in OpenSSL (CVE-2022-4304, CVE-2022-4450, CVE-2023-0215 and CVE-2023-0286 ) affects Power HMC Security vulnerabilities are addressed with IBM Cloud Pak for Business IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) openssl-security@openssl.org Vulnerable Configuration: Configuration RedHat 1 :cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:* Configuration RedHat 6 :cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:* Configuration RedHat 7 :cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:* Configuration RedHat 8 :cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:* Configuration RedHat 9 :cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:* Configuration RedHat 10 :cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:* Configuration RedHat 11 :cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:* Configuration RedHat 12 :cpe:/o:redhat:rhel_els:6:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:openssl:openssl:1.0.2:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:1.1.1:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:3.0.0:*:*:*:*:*:*:* AND cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:* OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:* OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_connect:express:1.5.0:*:*:*:unix:*:*:* OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect:11.0.0.1:*:*:*:enterprise:*:*:* OR cpe:/a:ibm:datapower_gateway:2018.4.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:* OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:* OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:api_connect:10.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:datapower_gateway:10.0.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:api_connect:10.0.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_plus:10.1.7:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_plus:10.1.8:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:* OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:* OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:* OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:* OR cpe:/a:ibm:datapower_gateway:10.0.4.0:*:*:*:*:*:*:* OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_client:8.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:* OR cpe:/a:ibm:datapower_gateway:10.5.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_client:8.1.7.0:*:*:*:*:*:*:* OR cpe:/a:ibm:safer_payments:6.1.0.00:*:*:*:*:*:*:* OR cpe:/a:ibm:safer_payments:6.2.0.00:*:*:*:*:*:*:* OR cpe:/a:ibm:safer_payments:6.3.0.00:*:*:*:*:*:*:* OR cpe:/a:ibm:safer_payments:6.3.1.03:*:*:*:*:*:*:* OR cpe:/a:ibm:safer_payments:6.4.0.00:*:*:*:*:*:*:* OR cpe:/a:ibm:safer_payments:6.4.2.02:*:*:*:*:*:*:* OR cpe:/a:ibm:safer_payments:6.5.0.00:*:*:*:*:*:*:* Oval Definitions BACK
openssl openssl 1.0.2
openssl openssl 1.1.1
openssl openssl 3.0.0
ibm aix 7.1
ibm i 7.2
ibm watson explorer 11.0.0
ibm i 7.3
ibm watson explorer 11.0.1
ibm aix 7.2
ibm watson explorer 11.0.2
ibm infosphere information server 11.7
ibm spectrum protect plus 10.1.0
ibm watson explorer 12.0.0
ibm sterling connect:express 1.5.0
ibm integration bus 10.0.0.0
ibm app connect 11.0.0.1
ibm datapower gateway 2018.4.1.0
ibm watson explorer 12.0.1
ibm watson explorer 12.0.2
ibm i 7.4
ibm vios 3.1
ibm cloud transformation advisor 2.0.1
ibm cloud pak for automation 19.0.3
ibm mq for hpe nonstop 8.1.0
ibm watson explorer 12.0.3
ibm cloud pak for automation 20.0.1
ibm spectrum protect plus 10.1.6
ibm cloud pak for automation 20.0.2
ibm api connect 10.0.0.0
ibm datapower gateway 10.0.1.0
ibm api connect 10.0.1.0
ibm cloud pak for automation 20.0.3
ibm spectrum protect plus 10.1.7
ibm cloud pak for automation 21.0.1
ibm spectrum protect plus 10.1.8
ibm app connect enterprise 12.0.1.0
ibm cloud pak for automation 21.0.2 -
ibm aix 7.3
ibm cloud pak for automation 19.0.1
ibm business automation workflow 20.0.0.1
ibm business automation workflow 20.0.0.2
ibm business automation workflow 21.0.1
ibm cloud pak for automation 19.0.2
ibm cloud pak for business automation 18.0.0
ibm cloud pak for business automation 18.0.2
ibm cloud pak for business automation 19.0.1
ibm cloud pak for business automation 19.0.3
ibm cloud pak for business automation 20.0.1
ibm cloud pak for business automation 20.0.3
ibm cloud pak for business automation 21.0.1 -
ibm cloud pak for business automation 21.0.2 -
ibm cloud pak for business automation 21.0.3 -
ibm datapower gateway 10.0.4.0
ibm i 7.5
ibm app connect enterprise certified container 4.1
ibm spectrum protect client 8.1.0.0
ibm app connect enterprise certified container 4.2
ibm datapower gateway 10.5.0.0
ibm business automation workflow 22.0.1
ibm cloud pak for business automation 22.0.1 -
ibm app connect enterprise certified container 5.0
ibm app connect enterprise certified container 5.1
ibm app connect enterprise certified container 5.2
ibm app connect enterprise certified container 6.0
ibm app connect enterprise certified container 6.1
ibm business automation workflow 22.0.2
ibm app connect enterprise certified container 6.2
ibm cloud pak for business automation 22.0.2 -
ibm spectrum protect client 8.1.7.0
ibm safer payments 6.1.0.00
ibm safer payments 6.2.0.00
ibm safer payments 6.3.0.00
ibm safer payments 6.3.1.03
ibm safer payments 6.4.0.00
ibm safer payments 6.4.2.02
ibm safer payments 6.5.0.00
Denotes that component is vulnerable