InfoSphere Global Name Management bundles IBM Java as internal component. A combination of two flaws in the JSSE component and IBMJCEPlus security provider expose some IBM Java releases to various cryptographic attacks when acting as a TLS server. This vulnerability is addressed.
CVEID:CVE-2023-30441
**DESCRIPTION:**IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM InfoSphere Global Name Management | 6.0 |
IBM InfoSphere Global Name Management | 7.0 |
Per the original bulletin, this is resolved in IBM Java version 8.0.7.15 or later. GNM customers are advised to apply an interim fix that, among other things, updates the IBM Java in GNM to version 8.0.8.0 or later. Specifically:
None
CPE | Name | Operator | Version |
---|---|---|---|
infosphere global name management | eq | 6.0 | |
infosphere global name management | eq | 7.0 |