
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312)

Published: 2024-03-20 06:37:34
Source: www.ibm.com
Tags: ibm, engineering lifecycle, websphere application server, liberty, tls, security, vulnerability, fix pack, cve-2023-50312

CVSS3: 5.3 Medium

· Attack Vector: ADJACENT
· Attack Complexity: HIGH
· Privileges Required: NONE
· User Interaction: NONE
· Scope: UNCHANGED
· Confidentiality Impact: HIGH
· Integrity Impact: NONE
· Availability Impact: NONE

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.8 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Summary

IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections, caused by a failure to honor user configuration. This may result in SSL cipher suites being ignored. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack: IBM Engineering Workflow Management, IBM Engineering Requirements Management DOORS Next, and IBM Engineering Test Management.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Engineering Workflow Management, IBM Engineering Test Management, IBM Engineering Requirements Management DOORS Next | 7.0.2, 7.0.3 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH58870.

For IBM WebSphere Application Server Liberty 17.0.0.3 - 24.0.0.2:
· Upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix PH60113
--OR--
· Apply Liberty Fix Pack 24.0.0.3 or later (targeted availability 1Q2024).

Please follow the instructions given in the following article.

Link: <https://www.ibm.com/support/pages/node/7125527>

Workarounds and Mitigations

None

Affected configurations

Vulners node:
· ibm engineering_lifecycle_management, match 7.0.2
OR
· ibm engineering_lifecycle_management, match 7.0.3
