IBM Controller Denial of Service Vulnerability

MEDIUM (6.5) No Patch (6 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 9%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

IBM Controller (formerly IBM Cognos Controller) is financial close and consolidation software. This vulnerability lets an attacker trigger a denial of service: a flaw in the product's native AES/CBC encryption implementation can be driven into a buffer overflow, crashing the affected component.

Am I affected?

Affected versions: 11.0.1 and 11.1.1.

If you don't recognise this software, you're probably not affected.

Affected Products

IBM / IBM Controller

How to fix

Upgrade to IBM Controller 11.1.2, which contains the fix. Until you can upgrade, restrict network access to the affected instance (in particular, do not expose it to the public internet) and monitor the Controller service for unexpected crashes or restarts, since a crash is the observable effect of this vulnerability being triggered.

References