History: Jun 05, 2024 - 10:06 p.m.

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer (CVE-2024-22329, CVE-2023-50312)

2024-06-05 22:06:26
www.ibm.com
ibm watson explorer
ssrf
tls
vulnerabilities
ibm websphere application server
ibm websphere application server liberty

CVSS3: 5.3 Medium

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.3 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Summary

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVEs (CVE-2024-22329, CVE-2023-50312).

Vulnerability Details

CVEID: CVE-2024-22329
**DESCRIPTION:** IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279951 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2023-50312
**DESCRIPTION:** IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/274711 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Watson Explorer DAE Analytical Components | 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.14 |
| IBM Watson Explorer DAE Foundational Components | 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.14 |
| IBM Watson Explorer Analytical Components | 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.18 |
| IBM Watson Explorer Foundational Components | 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.18 |

Remediation/Fixes

| Affected Product | Affected Versions | Fix |
|---|---|---|
| IBM Watson Explorer DAE Analytical Components | 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.14 | Upgrade to Version 12.0.3.15. See Watson Explorer Version 12.0.3.15 Analytical Components for download information and instructions. |
| IBM Watson Explorer DAE Foundational Components | 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.14 | Upgrade to Version 12.0.3.15. See Watson Explorer Version 12.0.3.15 Foundational Components for download information and instructions. |
| IBM Watson Explorer Analytical Components | 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.18 | Upgrade to Watson Explorer Analytical Components Version 11.0.2 Fix Pack 19. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures. |
| IBM Watson Explorer Foundational Components | 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.18 | Upgrade to Watson Explorer Foundational Components Version 11.0.2 Fix Pack 19. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures. |

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibm watson_developer_cloud Match 11.0.0
OR
ibm watson_developer_cloud Match 11.0.1
OR
ibm watson_developer_cloud Match 11.0.2
OR
ibm watson_developer_cloud Match 12.0.0
OR
ibm watson_developer_cloud Match 12.0.1
OR
ibm watson_developer_cloud Match 12.0.2
OR
ibm watson_developer_cloud Match 12.0.3
