Lucene search

IBM8BB53DF278EDB3A11E2D198B16AD7BA23EAB03BB46F003CF754F62A6ABAAD1E6

HistoryApr 24, 2023 - 6:13 p.m.

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics Installed WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283)

2023-04-2418:13:17

www.ibm.com

ibm

tivoli

application diagnostics

websphere

cross-site scripting

cve-2023-26283

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.2%

JSON

Summary

The security issue described in CVE-2023-26283 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
Tivoli Composite Application Manager for Application Diagnostics	7.1.0

Remediation/Fixes

Follow the WebSphere security bulletin, <https://www.ibm.com/support/pages/node/6964836> to update WebSphere Application Servers.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmtivoli_composite_application_manager_for_wesbsphereMatch7.1.0

CPENameOperatorVersion
tivoli composite application manager for application diagnosticseq7.1.0

CPE	Name	Operator	Version
	tivoli composite application manager for application diagnostics	eq	7.1.0