IBMEA7535519C72653542B551052AE0AF1CBCAED5E16E4EF42E52957A262E2D3AACSecurity Bulletin: IBM Match 360 is vulnerable to could provide weaker than expected security due to improper resource expiration handling in IBM WebSphere Application Server Liberty (CVE-2023-46158)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.0%
Summary
IBM Match 360 is vulnerable due to weaker than expected security due to improper resource expiration handling in IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10. This has been addressed in the remediation section.
Vulnerability Details
CVEID:CVE-2023-46158
**DESCRIPTION:**IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268775 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ICP Match 360 | 4.8.2 and below |
Remediation/Fixes
Upgrade ICP Match 360 to v4.8.3 or later. For remediation of WebSphere Liberty please see this technote: <https://www.ibm.com/support/pages/node/7058356>
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cloud pak for data | eq | 4.8.3 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.0%