Metric | Value |
---|---|
CVSS3 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
EPSS | 0.002 Low |
EPSS Percentile | 57.2% |
IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to exposing sensitive information using a combination of flaws and configurations as described in the vulnerability details section. The vulnerability is fixed by applying an IBM i Group PTF for Java as described in the remediation/fixes section.
**CVEID:** CVE-2023-30441
**DESCRIPTION:** IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensitive information using a combination of flaws and configurations.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.5 |
IBM i | 7.4 |
IBM i | 7.3 |
IBM i | 7.2 |
The vulnerability can be fixed by applying the latest Java Group PTF. Releases 7.5, 7.4, 7.3, and 7.2 of IBM i will be fixed.
A previously published security bulletin already listed the IBM i Group PTF numbers and levels shown in the table below, which resolve the CVE described in the vulnerability details section. If the listed IBM i Group PTF number and level has already been applied, no further action is required.
The IBM i Group PTF numbers contain the fix for the vulnerability. Future Group PTFs for Java will also contain the fix for the vulnerability.
IBM i Release | 5770-JV1 Group PTF Number and Level | PTF Download Link |
---|---|---|
7.5 | SF99955 Level 3 | <https://www.ibm.com/support/pages/uid/nas4SF99955> |
7.4 | SF99665 Level 16 | <https://www.ibm.com/support/pages/uid/nas4SF99665> |
7.3 | SF99725 Level 27 | <https://www.ibm.com/support/pages/uid/nas4SF99725> |
7.2 | SF99716 Level 37 | <https://www.ibm.com/support/pages/uid/nas4SF99716> |
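To check whether a system already carries the listed level, the following query (an added example, not part of IBM's bulletin) compares the Java Group PTF rows in the IBM i SQL service view QSYS2.GROUP_PTF_INFO with the levels in the table above. The CTE name `fixed`, the column `cve_2023_30441_status` and the verdict strings are this example's own; an empty result means no Java Group PTF from the table is known to the system.

```sql
-- Fix levels copied from the bulletin's table (5770-JV1 Java Group PTFs).
WITH fixed (ibm_i_release, ptf_group_name, fixed_level) AS (
    VALUES ('7.5', 'SF99955',  3),
           ('7.4', 'SF99665', 16),
           ('7.3', 'SF99725', 27),
           ('7.2', 'SF99716', 37)
)
SELECT f.ibm_i_release,
       g.ptf_group_name,
       g.ptf_group_level,
       g.ptf_group_status,
       f.fixed_level,
       CASE
           -- Level at or above the bulletin's level and fully installed.
           WHEN g.ptf_group_status = 'INSTALLED'
                AND g.ptf_group_level >= f.fixed_level
               THEN 'FIXED'
           -- Right level is on the system but not in INSTALLED status
           -- (for example, waiting on an IPL): the fix is not active yet.
           WHEN g.ptf_group_level >= f.fixed_level
               THEN 'FIX LEVEL PRESENT, NOT INSTALLED'
           ELSE 'BELOW FIX LEVEL'
       END AS cve_2023_30441_status
FROM fixed f
JOIN qsys2.group_ptf_info g
  ON g.ptf_group_name = f.ptf_group_name
-- A system can hold several levels of one group; newest first.
ORDER BY g.ptf_group_name, g.ptf_group_level DESC;
```

A system is remediated when at least one returned row reads `FIXED`.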
Please see the Java document at this URL for the latest Java information for IBM i:
<https://www.ibm.com/support/pages/java-ibm-i>
If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to it. For a complete list of vulnerabilities, refer to “IBM Java SDK Security Vulnerabilities” in the References section.
Important note: IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products.
None