History: Sep 10, 2024 - 10:39 a.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50315)

Published: 2024-09-10 10:39:22
Source: www.ibm.com
Tags: ibm websphere application server, security vulnerability, network spoofing, sensitive information, ibm x-force

CVSS3: 5.9

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.2 (Confidence: High)

EPSS: 0.001 (Percentile: 37.8%)

Summary

IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

**CVEID:** CVE-2023-50315
**DESCRIPTION:** IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714.
CVSS Base score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/274714> for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Maximo Asset Management core product versions affected:

| Affected Product(s) | Version(s) | Affected Supporting Product and Version |
|---|---|---|
| Maximo Asset Management | 7.6.1.3 | IBM WebSphere Application Server 9.0<br>IBM WebSphere Application Server 8.5.5 Full Profile |

  • To determine the core product version, log in and view System Information. The core product version is the “Tivoli’s process automation engine” version. Please consult the Platform Matrix for a list of supported product combinations.

Remediation/Fixes

Security Bulletin Link: <https://www.ibm.com/support/pages/node/7165511>

Workarounds and Mitigations

None

Affected configurations

Vulners node (entries combined with OR):

| Vendor | Product | Match version |
|---|---|---|
| ibm | maximo_asset_management | 7.6.1 |
| ibm | maximo_for_oil_and_gas | 7.6.1 |
| ibm | maximo_for_life_sciences | 7.6 |
| ibm | maximo_for_transportation | 7.6.2.5 |
| ibm | maximo_for_transportation | 7.6.2.4 |
| ibm | maximo_for_transportation | 7.6.2.3 |
| ibm | maximo_asset_configuration_manager | 7.6.7.1 |
| ibm | maximo_asset_configuration_manager | 7.6.7 |
| ibm | maximo_asset_configuration_manager | 7.6.6 |
| ibm | maximo_for_service_providers | 7.6.3.3 |
| ibm | maximo_for_service_providers | 7.6.3.2 |
| ibm | maximo_for_service_providers | 7.6.3.1 |
| ibm | maximo_spatial_asset_management | 7.6.0.5 |
| ibm | maximo_spatial_asset_management | 7.6.0.4 |
| ibm | maximo_spatial_asset_management | 7.6.0.3 |
| ibm | maximo_spatial_asset_management | 7.6.0.2 |
| ibm | maximo_for_utilities | 7.6.0.2 |
| ibm | maximo_for_utilities | 7.6.0.1 |
| ibm | maximo_for_nuclear_power | 7.6.1 |
| ibm | control_desk | 7.6.1.1 |
| ibm | control_desk | 7.6.1 |
| ibm | maximo_for_aviation | 7.6.8 |
| ibm | maximo_for_aviation | 7.6.7 |
| ibm | maximo_for_aviation | 7.6.6 |

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | maximo_asset_management | 7.6.1 | `cpe:2.3:a:ibm:maximo_asset_management:7.6.1:*:*:*:*:*:*:*` |
| ibm | maximo_for_oil_and_gas | 7.6.1 | `cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*` |
| ibm | maximo_for_life_sciences | 7.6 | `cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*` |
| ibm | maximo_for_transportation | 7.6.2.5 | `cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*` |
| ibm | maximo_for_transportation | 7.6.2.4 | `cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*` |
| ibm | maximo_for_transportation | 7.6.2.3 | `cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*` |
| ibm | maximo_asset_configuration_manager | 7.6.7.1 | `cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*` |
| ibm | maximo_asset_configuration_manager | 7.6.7 | `cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*` |
| ibm | maximo_asset_configuration_manager | 7.6.6 | `cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*` |
| ibm | maximo_for_service_providers | 7.6.3.3 | `cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*` |