7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
57.2%
CVE-2023-30441 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability.
CVEID:CVE-2023-30441
**DESCRIPTION:**IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensitive information using a combination of flaws and configurations.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
8.0.7.0 - 8.0.7.11
Note: Earlier 8.x releases are also affected if the security provider order has been changed to prefer the IBMJCEPlus provider over the IBMJCE provider. More information on this topic can be found here.
8.0.7.15
IBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from the Java Developer Center.
IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.
Modify the security provider order in the jre/lib/security/java.security file to prefer the IBMJCE provider over the IBMJCEPlus provider.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
57.2%