This new bug, discovered in OpenSSH, allows stealing the information that should be protected by SSL/TLS encryption. You can tread more at this link:

CPM Server instance, versions 1.0.0 & 1.0.1 are vulnerable because of this bug.

The fix will be applied to the next CPM software update. If your CPM server is protected by security groups/VPC from outside connections, you may wait with it. Otherwise it is highly recommended to apply the fix.

For instances running v1.0.0, please upgrade to v1.0.1 first.

To fix the issue, follow these instructions: