Lucene search

IBM65DE3AC60AFF68F9BB5FC882462C715DF8FB867371C912DE721E6044CDDB4634

HistoryDec 05, 2023 - 5:14 a.m.

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-46158)

2023-12-0505:14:41

www.ibm.com

ibm engineering lifecycle

cve-2023-46158

websphere application server liberty

vulnerability

version 7.0.2

version 7.0.3

appsecurity

fix

ibm support

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

37.9%

JSON

Summary

IBM WebSphere Application Server Liberty could provide weaker than expected security. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Workflow Management, Jazz Foundation, Global Configuration Management, IBM Engineering Requirements Management DOORS Next

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Versions

Affected Product(s)	Version(s)
IBM Engineering Requirements Management DOORS Next	7.0.2, 7.0.3
IBM Engineering Workflow Management
Global Configuration Management
Jazz Foundation

Remediation/Fixes

CVE-2023-46158 may affect above mentioned The IBM® Engineering Lifecycle Engineering products which has features: appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0

This affects WebSphere Application Liberty versions 23.0.0.9 and 23.0.0.10

Please follow the instruction given in the following article.

Link: <https://www.ibm.com/support/pages/node/7058356>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmibm_engineering_lifecycle_management_baseMatch7.0.2

ibmibm_engineering_lifecycle_management_baseMatch7.0.3

VendorProductVersionCPE
ibmibm_engineering_lifecycle_management_base7.0.2cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:7.0.2:*:*:*:*:*:*:*
ibmibm_engineering_lifecycle_management_base7.0.3cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:7.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	ibm_engineering_lifecycle_management_base	7.0.2	cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:7.0.2:::::::*
ibm	ibm_engineering_lifecycle_management_base	7.0.3	cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:7.0.3:::::::*