Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA99A36514ED57F1D3EB2133AA65ECB560FCD8CAC0F8864B1FE70785B49782262
HistoryApr 10, 2024 - 6:59 p.m.

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to jose4j (CVE-2023-51775)

2024-04-1018:59:57
www.ibm.com
7
ibm
websphere
application server
ibm websphere hybrid edition
jose4j
cve-2023-51775
denial of service

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.7%

JSON

Summary

There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and used by the IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) and Version(s) Affecting Product(s) and Version(s) Affecting Product(s) and Version(s)

IBM WebSphere Hybrid Edition

  • 5.1
    |

IBM WebSphere Application Server Liberty

  • 21.0.0.3 - 24.0.0.3
    |

IBM WebSphere Application Server

  • 9.0
  • 8.5

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH60199 and APAR PH60195 as described in Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to jose4j (CVE-2023-51775)

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm websphere hybrid editioneq5.1

Related

cgr 1
nessus 3
ibm 23
ubuntucve 1
wolfi 1
osv 2
veracode 1
github 1
redhatcve 1
cve 1
prion 1
cvelist 1
debiancve 1
oracle 1
cgr
cgr
CVE-2023-51775 vulnerabilities
2024-05-19 03:07:16
nessus
nessus
IBM WebSphere Application Server 8.5.5.3 < 8.5.5.26 / 9.x < 9.0.5.20 / Liberty 21.0.0.3 < 24.0.0.4 DoS (7145942)
2024-04-04 00:00:00
SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2024:1532-1)
2024-05-07 00:00:00
SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2024:1507-1)
2024-05-07 00:00:00
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2023-51775
2024-04-10 14:21:33
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to jose4j (CVE-2023-51775)
2024-04-04 16:54:13
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2023-51775)
2024-04-16 03:01:07
ubuntucve
ubuntucve
CVE-2023-51775
2024-02-29 00:00:00
wolfi
wolfi
CVE-2023-51775 vulnerabilities
2024-05-29 03:07:31
osv
osv
CVE-2023-51775
2024-02-29 01:42:05
jose4j denial of service via specifically crafted JWE
2024-02-29 03:33:14
veracode
veracode
Denial Of Service (DoS)
2024-03-05 06:37:59
github
github
jose4j denial of service via specifically crafted JWE
2024-02-29 03:33:14
redhatcve
redhatcve
CVE-2023-51775
2024-02-29 09:03:19
cve
cve
CVE-2023-51775
2024-02-29 01:42:05
prion
prion
Design/Logic Flaw
2024-02-29 01:42:00
cvelist
cvelist
CVE-2023-51775
2023-12-25 00:00:00
debiancve
debiancve
CVE-2023-51775
2024-02-29 01:42:05
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.7%

JSON
Related for A99A36514ED57F1D3EB2133AA65ECB560FCD8CAC0F8864B1FE70785B49782262
cgr1nessus3ibm23ubuntucve1wolfi1osv2veracode1github1redhatcve1cve1prion1cvelist1debiancve1oracle1