Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMEC8576E43260F894F15F854E2D9EFFA3428F2ED91D20E25A550FC63A0A661ED6
HistorySep 26, 2023 - 7:13 p.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-35890)

2023-09-2619:13:54
www.ibm.com
26
ibm
tivoli
websphere
security bulletin
cve-2023-35890
vulnerability
fix
version 4.1
version 8.5
version 9.0

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and could provide weaker than expected security. Required fixes for affected WebSphere Application Server has been published in the security bulletin links below.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli System Automation Application Manager 4.1

Remediation/Fixes

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
IBM Tivoli System Automation Application Manager 4.1 WebSphere Application Server 8.5 Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-35890)
IBM Tivoli System Automation Application Manager 4.1 WebSphere Application Server 9.0 Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-35890)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtivoli_system_automation_application_managerMatch4.1

Related

ibm 22
cvelist 1
cve 1
prion 1
nvd 1
nessus 1
ibm
ibm
Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2023-35890)
2023-06-29 14:41:42
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-35890)
2023-07-07 23:21:10
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-35890)
2023-10-06 01:29:46
cvelist
cvelist
CVE-2023-35890 IBM WebSphere Application Server information disclosure
2023-07-07 02:13:23
cve
cve
CVE-2023-35890
2023-07-07 03:15:09
prion
prion
Design/Logic Flaw
2023-07-07 03:15:00
nvd
nvd
CVE-2023-35890
2023-07-07 03:15:09
nessus
nessus
IBM WebSphere Application Server 8.5.5.23 < 8.5.5.24 / 9.0.5.15 < 9.0.5.17 (7007857)
2023-07-07 00:00:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for EC8576E43260F894F15F854E2D9EFFA3428F2ED91D20E25A550FC63A0A661ED6
ibm22cvelist1cve1prion1nvd1nessus1