Security Bulletin: IBM MaaS360 Cloud Extender VPN Module affected by vulnerability (CVE-2024-4741)
Description

Summary

Vulnerability contained within OpenSSL (a 3rd party component) was addressed in the IBM MaaS360 VPN Module.

Vulnerability Details

CVEID: CVE-2024-4741

DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the SSL_free_buffers API function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition.

CVSS Base score: 8.1

CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292512 for the current score.

CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
--- | ---
IBM MaaS360 VPN | 2.89.000 – 3.000.800

Remediation/Fixes

IBM strongly recommends customers update their systems promptly. Apply the IBM MaaS360 VPN module update to version 3.000.850 or greater. Instructions to upgrade the VPN modules are located on this IBM Documentation page.

Workarounds and Mitigations…