Lucene search

IBM1E9A5D0BBB1F5022A2A281644B79C2F00FCBBEDD7354664270DEBD2DBB466337

HistoryJun 29, 2023 - 1:14 a.m.

Security Bulletin: IBM OpenPages with Watson has addressed a IBM SDK, Java Technology Edition (CVE-2023-30441)

2023-06-2901:14:00

www.ibm.com

ibm openpages

watson

sdk

java technology edition

cve-2023-30441

websphere

application server

liberty

upgrade

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

61.6%

JSON

Summary

IBM OpenPages with Watson has addressed sensitive information exposure vulnerability caused by CVE-2023-30441. There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM OpenPages with Watson. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). For a complete list of vulnerabilities, refer to the link for “IBM Java SDK Security Bulletin” located in the References section for more information.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)

IBM OpenPages with Watson

8.3, 8.2

Remediation/Fixes

A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below:

For IBM OpenPages with Watson, Upgrade to IBM SDK, Java Technology Edition Version 8.0.7.15

To Download IBM SDK, Java Technology Edition Version 8.0.7.15 refer to IBM Java SDKs for Liberty for Archive or Installation Manager Installs (Fix Central)

Product

| Instructions
—|—

For IBM OpenPages with Watson **8.3 or 8.2 **

Follow the appropriate steps to upgrade Java on each OpenPages server type.

Application Server
- Upgrade to IBM SDK, Java Technology Edition Version 8.0.7.15 refer to instructions How to Update Java on an OpenPages Application Server
Search Server
- Upgrade to IBM SDK, Java Technology Edition Version 8.0.7.15 refer to instructions How to Update Java on an OpenPages Global Search Server
Reporting Server
- Upgrade to IBM SDK, Java Technology Edition Version 8.0.7.15 refer to instructions How to Update Java on an OpenPages Reporting Server

For IBM OpenPages GRC Platform v7.4/8.0/8.1 customers, IBM recommends to upgrade to a fixed and supported versions** 8.2, 8.3 or 9.0** of the product.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmopenpages_with_watsonMatch8.2

ibmopenpages_with_watsonMatch8.3

VendorProductVersionCPE
ibmopenpages_with_watson8.2cpe:2.3:a:ibm:openpages_with_watson:8.2:*:*:*:*:*:*:*
ibmopenpages_with_watson8.3cpe:2.3:a:ibm:openpages_with_watson:8.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	openpages_with_watson	8.2	cpe:2.3:a:ibm:openpages_with_watson:8.2:::::::*
ibm	openpages_with_watson	8.3	cpe:2.3:a:ibm:openpages_with_watson:8.3:::::::*