7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.5%
IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to the security bulletin listed in the Remediation/Fixes section.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM Storage Protect for Workstations | 8.1 |
Upgrading Liberty to 24.0.0.3 or later fixes the security issue (CVE-2023-50312) reported by the following IBM WebSphere Application Server security bulletin:
To upgrade the version of Liberty used by Central Administration Console (CAC) perform the following steps:
1. Download the Liberty update, (e.g., wlp-base-all-24.0.0.3.jar or later) from:
Recommended updates for WebSphere Application Server (ibm.com)
2. Change the jar file to a zip file (e.g., change wlp-base-all-24.0.0.3.jar to wlp-base-all-24.0.0.3.zip or later)
3. Run net stop CAC_Service
4. Unzip the file (e.g., unizip wlp-base-all-24.0.0.3.zip)
5. Copy the wlp folder into the CAC install directory, typically C:\Program Files\Tivoli\TSM\CAC
6. Run net start CAC_Service
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum protect for workstations | eq | 8.1 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.5%