Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5DDB40F1DD5BCEC1AC833DFEB4B63D13A03B415ADEA6EB03377478D8FDBE3BF5
HistoryOct 06, 2023 - 1:29 a.m.

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-35890)

2023-10-0601:29:46
www.ibm.com
16
ibm master data management
ibm websphere application server
security bulletin
vulnerability
infosphere
version 11.6
version 12.0
cve-2023-35890
security fix

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which could provide weaker than expected security, caused by the improper encoding in a local configuration file.

Vulnerability Details

CVEID:CVE-2023-35890
**DESCRIPTION:**IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258637 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Master Data Management 12.0
InfoSphere Master Data Management 11.6

Remediation/Fixes

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
InfoSphere Master Data Management v11.6, v12.0 IBM WebSphere Application Server version 8.5 and 9.0. Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibminfosphere_master_data_managementMatch11.6
OR
ibminfosphere_master_data_managementMatch12.0

Related

ibm 22
cve 1
cvelist 1
prion 1
nvd 1
nessus 1
ibm
ibm
Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2023-35890)
2023-06-29 14:41:42
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-35890)
2023-07-07 23:21:10
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2023-35890)
2023-08-28 10:40:46
cve
cve
CVE-2023-35890
2023-07-07 03:15:09
cvelist
cvelist
CVE-2023-35890 IBM WebSphere Application Server information disclosure
2023-07-07 02:13:23
prion
prion
Design/Logic Flaw
2023-07-07 03:15:00
nvd
nvd
CVE-2023-35890
2023-07-07 03:15:09
nessus
nessus
IBM WebSphere Application Server 8.5.5.23 < 8.5.5.24 / 9.0.5.15 < 9.0.5.17 (7007857)
2023-07-07 00:00:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for 5DDB40F1DD5BCEC1AC833DFEB4B63D13A03B415ADEA6EB03377478D8FDBE3BF5
ibm22cve1cvelist1prion1nvd1nessus1