Security Bulletin: Security Vulnerability in IBM Java SDK affects IBM WebSphere Service Registry and Repository (CVE-2023-30441)

Summary

There is a vulnerability in the IBM SDK, Java Technology Edition, used by WebSphere Service Registry and Repository. This issue is also addressed by IBM WebSphere Application Server shipped with WebSphere Service Registry and Repository.

Vulnerability Details

CVEID:CVE-2023-30441
**DESCRIPTION:**IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

For all versions of WebSphere Service Registry and Repository Studio:

• Upgrade to WebSphere Service Registry and Repository Studio V8.5.6.3_IJ46307

For WebSphere Service Registry and Repository these issues are addressed by IBM WebSphere Application Server. Refer to the following security bulletin for vulnerability details and information about fixes:

• Security Bulletin:Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to CVE-2023-30441

Workarounds and Mitigations

None