Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312)

2024-05-1307:41:37

www.ibm.com

ibm

engineering lifecycle

websphere application server liberty

vulnerability

outbound tls connections

global configuration management

jazz foundation

cve-2023-50312

6.5 Medium

AI Score

Confidence

High

JSON

Summary

IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this risk, it has been addressed in this bulletin: Jazz Foundation, Global Configuration Management

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
Global Configuration Management	7.0.2
Jazz Foundation
Global Configuration Management	7.0.3
Jazz Foundation

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH58870.

If any of the mentioned affected product is deployed on one of the above versions, Please follow the instruction given in the following article.

Link: <https://www.ibm.com/support/pages/node/7125527>

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm engineering lifecycle management baseeq702
ibm engineering lifecycle management baseeq703

CPE	Name	Operator	Version
	ibm engineering lifecycle management base	eq	702
	ibm engineering lifecycle management base	eq	703

6.5 Medium

AI Score

Confidence

High

JSON

Related for 944B46950F38785F831EE9B42032B5B9E9C4275ED71066DC809463B8C2E45394