Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM96DD48BA2298CD23088AFB655DB4276D4ACF1E9B0137EF6CF10AE083A61A8BF7
HistoryFeb 27, 2024 - 4:19 p.m.

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to CVE-2023-46158 and CVE-2023-44483 used in IBM Maximo Application Suite - Monitor Component

2024-02-2716:19:36
www.ibm.com
11
ibm maximo
liberty server
vulnerability
cvss
remediation
fixpack
monitor component

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON

Summary

IBM Maximo Application Suite - Monitor Component uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2023-46158 and CVE-2023-44483. This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

CVEID:CVE-2023-46158
**DESCRIPTION:**IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268775 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2023-44483
**DESCRIPTION:**Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the log files when using the JSR 105 API. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the private key information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269153 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Application Suite - Monitor Component 8.11
IBM Maximo Application Suite - Monitor Component 8.10

Remediation/Fixes

Affected Product(s) Fixpack Version(s)
IBM Maximo Application Suite - Monitor Component 8.11.4 or latest (available from the Catalog under Update Available)
IBM Maximo Application Suite - Monitor Component 8.10.7 or latest (available from the Catalog under Update Available)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_application_suiteMatch8.11
OR
ibmmaximo_application_suiteMatch8.10

Related

ibm 64
osv 2
github 1
prion 2
redhatcve 1
ubuntucve 1
debiancve 1
nvd 2
nessus 9
cve 2
cgr 1
veracode 1
wolfi 1
cnvd 1
cvelist 2
redhat 10
oracle 2
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9.
2023-12-13 09:20:16
Security Bulletin: IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487
2024-01-01 13:00:03
Security Bulletin: Security vulnerabilities found in IBM WebSphere Application Server Liberty have been addressed in IBM Security Verify Directory Container (CVE-2023-44487, CVE-2023-46158, CVE-2023-44483, CVE-2023-24998)
2024-03-25 16:38:18
osv
osv
Apache Santuario - XML Security for Java are vulnerable to private key disclosure
2023-10-20 12:31:04
CVE-2023-44483
2023-10-20 10:15:12
github
github
Apache Santuario - XML Security for Java are vulnerable to private key disclosure
2023-10-20 12:31:04
prion
prion
Code injection
2023-10-20 10:15:00
Design/Logic Flaw
2023-10-25 18:17:00
redhatcve
redhatcve
CVE-2023-44483
2023-10-27 12:29:31
ubuntucve
ubuntucve
CVE-2023-44483
2023-10-20 00:00:00
debiancve
debiancve
CVE-2023-44483
2023-10-20 10:15:12
nvd
nvd
CVE-2023-46158
2023-10-25 18:17:37
CVE-2023-44483
2023-10-20 10:15:12
nessus
nessus
IBM WebSphere Application Server Liberty 23.0.0.9 < 23.0.0.11 Security Weakness (7058356)
2023-11-01 00:00:00
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.15 (RHSA-2024:0712)
2024-02-07 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.15 Security update (Moderate) (RHSA-2024:0710)
2024-02-07 00:00:00
cve
cve
CVE-2023-44483
2023-10-20 10:15:12
CVE-2023-46158
2023-10-25 18:17:37
cgr
cgr
CVE-2023-44483 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Information Disclosure
2023-10-25 08:59:16
wolfi
wolfi
CVE-2023-44483 vulnerabilities
2024-06-28 21:08:33
cnvd
cnvd
IBM WebSphere Application Server Liberty Resource Management Error Vulnerability
2023-10-27 00:00:00
cvelist
cvelist
CVE-2023-46158 IBM WebSphere Application Server session fixation
2023-10-25 02:56:20
CVE-2023-44483 Apache Santuario: Private Key disclosure in debug-log output
2023-10-20 09:23:53
redhat
redhat
(RHSA-2024:0710) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update
2024-02-06 19:47:42
(RHSA-2024:0714) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update
2024-02-06 19:53:54
(RHSA-2024:0711) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update
2024-02-06 19:47:48
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON
Related for 96DD48BA2298CD23088AFB655DB4276D4ACF1E9B0137EF6CF10AE083A61A8BF7
ibm64osv2github1prion2redhatcve1ubuntucve1debiancve1nvd2nessus9cve2cgr1veracode1wolfi1cnvd1cvelist2redhat10oracle2