Lucene search

IBMA057FBDA2E8915724635173554AF3B924B63188BF8C76720EE49F8673CFFDC13

HistorySep 01, 2023 - 12:59 p.m.

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server and Websphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) ( CVE-2022-40609)

2023-09-0112:59:28

www.ibm.com

ibm security key lifecycle manager

guardium key lifecycle manager

websphere application server

websphere liberty

vulnerability

update

remediation

security bulletin

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.8%

JSON

Summary

WebSphere Application Server and Websphere Liberty is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Security Key Lifecycle Manager	3.0, 3.0.1, 4.0
IBM Security Guardium Key Lifecycle Manager	4.1, 4.1.1, 4.2

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Principal Product and Version(s)	Affected Supporting Product and Version	Remediation/ Fixes
IBM Security Key Lifecycle Manager (SKLM) v3.0	WebSphere Application Server v9.0.0.5	Please consult the Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server due to CVE-2022-40609 for vulnerability details and information about fixes.
IBM Security Key Lifecycle Manager (SKLM) v3.0.1	WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v4.0	WebSphere Application Server v9.0.5.0
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1	WebSphere Application Server v9.0.5.5
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1	Websphere Liberty 21.0.0.6
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2	Websphere Liberty 22.0.0.12

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsecurity_guardium_key_lifecycle_managerMatch4.1

ibmsecurity_guardium_key_lifecycle_managerMatch4.1.1

ibmsecurity_key_lifecycle_managerMatch3.0

ibmsecurity_key_lifecycle_managerMatch3.0.1

ibmsecurity_key_lifecycle_managerMatch4.0

CPENameOperatorVersion
ibm security guardium key lifecycle managereq4.1
ibm security guardium key lifecycle managereq4.1.1
ibm security key lifecycle managereq3.0
ibm security key lifecycle managereq3.0.1
ibm security key lifecycle managereq4.0

Name	Operator	Version
ibm security guardium key lifecycle manager	eq	4.1
ibm security guardium key lifecycle manager	eq	4.1.1
ibm security key lifecycle manager	eq	3.0
ibm security key lifecycle manager	eq	3.0.1
ibm security key lifecycle manager	eq	4.0