Bug Alert for CP4D Users Running OpenSSL 3.0.0+
We'd like to draw your attention to a security alert resulting from a reported buffer overflow vulnerability that the OpenSSL open source community disclosed for OpenSSl versions 3.0.0 - 3.0.6 which CP4D users may be running.
Note: OpenSSL pre-announced on October 25, 2022, that OpenSSL 3.0.7 would fix a Critical vulnerability. Its vulnerability disclosure today downgraded the vulnerability to High.
IBM clients concerned about the applicability of this vulnerability to IBM products should, as with any other security vulnerability, continue to monitor IBM Product Security Central for product specific security bulletins and fixes.
For customers running legacy Netezza systems, OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
If you want any further information, feel free to contact us.