Lucene search

K
ibmIBM3C676591D94EBD84298B09ECCF1F0E926E11019A5E54883D6FC0D93068AF0BD2
HistoryFeb 29, 2024 - 8:31 p.m.

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security (CVE-2023-50312)

2024-02-2920:31:00
www.ibm.com
8
ibm
websphere
hybrid edition
liberty
outbound tls
security
vulnerability
fix pack
apar ph58870

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

Summary

IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security for outbound TLS connections.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) and Version(s) Affecting Product(s) and Version(s)

IBM WebSphere Hybrid Edition

  • 5.1
    |

IBM WebSphere Application Server Liberty

  • 17.0.0.3 - 24.0.0.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH58870 as described in Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwebsphereMatch5.1
CPENameOperatorVersion
ibm websphere hybrid editioneq5.1

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

Related for 3C676591D94EBD84298B09ECCF1F0E926E11019A5E54883D6FC0D93068AF0BD2