CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.001 Low (Percentile: 44.7%)
IBM WebSphere Application Server traditional container is vulnerable to information disclosure. This affects only the containerized version of WebSphere Application Server traditional. This has been addressed.
CVEID: CVE-2022-43917
**DESCRIPTION:** IBM WebSphere Application Server traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241045 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM WebSphere Application Server - traditional container | 9.0 |
IBM WebSphere Application Server - traditional container | 8.5 |
IBM strongly recommends addressing the vulnerability now by following the instructions below to update container images created prior to January 23, 2023.
For IBM WebSphere Application Server traditional container:
For V9.0.0.9 through 9.0.5.14:
· Update all container images created prior to January 23, 2023 to container image version 9.0.5.14 by following the instructions for Checking the Image Version and Updating to the Latest Version.
--OR--
· Update container images to version 9.0.5.15 or later (targeted availability 1Q2023).
For V8.5.5.17 through 8.5.5.22:
· Update all container images created prior to January 23, 2023 to container image version 8.5.5.22 by following the instructions for Checking the Image Version and Updating to the Latest Version.
--OR--
· Update container images to version 8.5.5.23 or later (targeted availability 1Q2023).
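The remediation criteria above (affected version range plus the January 23, 2023 creation cutoff) can be applied to an image inventory with a short script. This is an added example, not IBM's tooling; the function names and the sample inventory are constructed, and it assumes you already know each image's WebSphere version and have its creation timestamp, for example from `docker inspect --format '{{.Created}}' IMAGE`.

```shell
#!/bin/sh
# Added example: classify images by the criteria stated in this bulletin.
CUTOFF=20230123   # images created prior to January 23, 2023 need updating

# ver_key VERSION: turn a four-part version (9.0.5.14) into a comparable integer.
ver_key() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 10000 + ${3:-0} * 100 + ${4:-0} ))
}

# classify VERSION CREATED
# CREATED is an ISO 8601 UTC timestamp such as 2022-09-14T10:02:11Z.
classify() {
    v=$(ver_key "$1")
    day=$(printf '%s' "$2" | cut -c1-10 | sed 's/-//g')   # -> 20220914
    if [ "$v" -ge "$(ver_key 9.0.0.9)" ] && [ "$v" -le "$(ver_key 9.0.5.14)" ]; then
        target=9.0.5.14
    elif [ "$v" -ge "$(ver_key 8.5.5.17)" ] && [ "$v" -le "$(ver_key 8.5.5.22)" ]; then
        target=8.5.5.22
    else
        echo "not-in-affected-range"
        return 0
    fi
    if [ "$day" -lt "$CUTOFF" ]; then
        echo "update-to-$target-or-later"
    else
        echo "created-on-or-after-cutoff"
    fi
}

# Constructed sample inventory (version, Created timestamp); not real data.
report() {
    while read -r version created; do
        echo "$version $created $(classify "$version" "$created")"
    done <<'EOF'
9.0.5.12 2022-09-14T10:02:11Z
9.0.5.14 2023-02-01T08:30:00Z
8.5.5.21 2022-06-30T17:45:09Z
9.0.5.15 2023-03-20T12:00:00Z
EOF
}
report
```

The `Created` field of an image you built yourself reflects your own build time, so run the check against the WebSphere base image the build started from.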
None