Aug 10, 2023 - 10:22 p.m.

Security Bulletin: IBM InfoSphere Global Name Management Vulnerable to CVE-2023-30441

2023-08-10 22:22:42
www.ibm.com
ibm infosphere global name management
cve-2023-30441
cryptographic attacks
tls server
ibm java
ibmjceplus
jsse
cvss
gnm
interim fix.

EPSS: 0.002 (Low), percentile 54.9%

Summary

InfoSphere Global Name Management bundles IBM Java as an internal component. A combination of two flaws in the JSSE component and the IBMJCEPlus security provider exposes some IBM Java releases to various cryptographic attacks when acting as a TLS server. This vulnerability is addressed.

Vulnerability Details

**CVEID:** CVE-2023-30441
**DESCRIPTION:** IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM InfoSphere Global Name Management | 6.0 |
| IBM InfoSphere Global Name Management | 7.0 |

Remediation/Fixes

Per the original bulletin, this is resolved in IBM Java version 8.0.7.15 or later. GNM customers are advised to apply an interim fix that, among other things, updates the IBM Java in GNM to version 8.0.8.0 or later. Specifically:

  • For GNM version 7, update using the files and instructions in GNM 7 interim fix 006, available at IBM Fix Central.
  • For GNM version 6, update using the files and instructions in GNM 6 interim fix 015, available at IBM Fix Central.
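
A version check for the remediation above, as an added example (not IBM's code or tooling): it parses `java -version` output from the Java runtime bundled with GNM and classifies the level against the ranges stated in this bulletin. It assumes IBM Java 8 prints its level as `(build 8.0.x.y - ...)`; the sample output, the status labels and the function names are constructed for illustration.

```python
import re
import subprocess
import sys

# Version ranges taken from the bulletin text.
AFFECTED_LOW, AFFECTED_HIGH = (8, 0, 7, 0), (8, 0, 7, 11)
FIXED_UPSTREAM = (8, 0, 7, 15)   # "resolved in IBM Java version 8.0.7.15 or later"
GNM_TARGET = (8, 0, 8, 0)        # level the GNM interim fixes bring Java to

# Assumption: IBM Java 8 reports its service level as "(build 8.0.x.y - ...".
BUILD_RE = re.compile(r"\(build (8)\.(0)\.(\d+)\.(\d+)\b")

def ibm_java_level(version_output):
    """Return the 4-part IBM Java 8 level as a tuple, or None if not found."""
    m = BUILD_RE.search(version_output)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_output):
    level = ibm_java_level(version_output)
    if level is None:
        return "unknown"             # not IBM Java 8 output: inspect manually
    if AFFECTED_LOW <= level <= AFFECTED_HIGH:
        return "affected"
    if level >= GNM_TARGET:
        return "gnm-fixed"
    if level >= FIXED_UPSTREAM:
        return "java-fixed-below-gnm-target"
    if level > AFFECTED_HIGH:
        return "unlisted"            # 8.0.7.12-14: not listed as affected or as fixed
    return "not-in-affected-range"   # older than 8.0.7.0

# Constructed sample of `java -version` output (not captured from a real host).
SAMPLE = '''java version "1.8.0_361"
Java(TM) SE Runtime Environment (build 8.0.7.11 - pxa6480sr7fp11-00000000_00(SR7 FP11))
IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit)'''

if __name__ == "__main__":
    # Optional argument: path to the java binary bundled with GNM (site-specific).
    if len(sys.argv) > 1:
        proc = subprocess.run([sys.argv[1], "-version"], capture_output=True, text=True)
        text = proc.stderr + proc.stdout   # java -version writes to stderr
    else:
        text = SAMPLE
    print(ibm_java_level(text), classify(text))
```

Run it before and after applying the interim fix; anything other than `gnm-fixed` on a GNM host means the bundled Java is still below the level the interim fix installs.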

Workarounds and Mitigations

None
