IBMCE1361DE5FB289FCCF882C7FDC968C4B2062B0EE36767A0AF031F562881EE2E9Security Bulletin: A vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2023-30441)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
61.6%
Summary
A vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server was addressed.
Vulnerability Details
CVEID:CVE-2023-30441
**DESCRIPTION:**IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensitive information using a combination of flaws and configurations.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| InfoSphere Information Server | 11.7 |
Remediation/Fixes
Product| VRMF |
APAR
|
Remediation/First Fix
—|—|—|—
InfoSphere Information Server, Information Server on Cloud
|
11.7
|
|
--Follow instructions in the README
--If not previously addressed, for AIX installations, see Technote for class not found errors related to ProviderExceptions, Failed to initialize IBMJCEPlus provider, and jgskit (Not found in java.library.path)
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | infosphere_information_server | 11.7 | cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
61.6%