Lucene search

IBMAF12036D07D1BEB513152C86D3AA5FB3A86CACD1FA9F15691D813C165FE0A9B3

HistoryApr 03, 2023 - 5:27 p.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2023-26283)

2023-04-0317:27:52

www.ibm.com

ibm case manager

websphere application server

security vulnerability

cross-site scripting

cve-2023-26283

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.2%

JSON

Summary

IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Case Manager	5.3CD

Remediation/Fixes

Please consult the security bulletin Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283) for vulnerability details and information about fixes.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcase_managerMatch5.1.1.

ibmcase_managerMatch5.2.0

ibmcase_managerMatch5.2.1

ibmcase_managerMatch5.3.

CPENameOperatorVersion
ibm case managereq5.1.1.
ibm case managereq5.2.0
ibm case managereq5.2.1
ibm case managereq5.3.

Name	Operator	Version
ibm case manager	eq	5.1.1.
ibm case manager	eq	5.2.0
ibm case manager	eq	5.2.1
ibm case manager	eq	5.3.