Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM32E2E658D92FF77A946598CB5F02AE84FCEFEC60B6447996366E248B513D9FE0
HistoryJun 06, 2024 - 8:34 p.m.

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-50313)

2024-06-0620:34:05
www.ibm.com
2
ibm master data management
websphere application server
tls vulnerability
infosphere master data management
cve-2023-50313
security bulletin
ibm x-force id

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Summary

IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. This may result in SSL cipher suites being ignored.

Vulnerability Details

CVEID:CVE-2023-50313
**DESCRIPTION:**IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/274712 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Master Data Management 12.0
InfoSphere Master Data Management 11.6

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by following WebSphere Application Server security bulletin

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
InfoSphere Master Data Management v11.6, v12.0 IBM WebSphere Application Server version 8.5 and 9.0. Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibminfosphere_master_data_management_reference_data_managementMatch11.6
OR
ibminfosphere_master_data_management_reference_data_managementMatch12.0

Related

ibm 16
cve 1
nessus 1
nvd 1
cvelist 1
ibm
ibm
Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313)
2024-05-21 20:05:05
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2023-50313)
2024-04-16 02:55:42
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2023-50313)
2024-04-02 17:24:56
cve
cve
CVE-2023-50313
2024-04-02 13:15:51
nessus
nessus
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.20 (7145620)
2024-04-02 00:00:00
nvd
nvd
CVE-2023-50313
2024-04-02 13:15:51
cvelist
cvelist
CVE-2023-50313 IBM WebSphere Application Server information disclosure
2024-04-02 12:54:31

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for 32E2E658D92FF77A946598CB5F02AE84FCEFEC60B6447996366E248B513D9FE0
ibm16cve1nessus1nvd1cvelist1