Lucene search

IBMEFFC562DA6D421ED3CA3CF3D4A8C5585B32EADD48DFA03A9BD211A759232C2AC

HistoryApr 22, 2024 - 8:03 a.m.

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server and Websphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2023-50313)

2024-04-2208:03:30

www.ibm.com

ibm

security guardium

key lifecycle manager

sklm

gklm

websphere

application server

liberty

vulnerability

cve-2023-50313

remediation

fixes

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Summary

WebSphere Application Server and Websphere Liberty is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Security Guardium Key Lifecycle Manager	3.0, 3.0.1, 4.0, 4.1, 4.1.1, 4.2, 4.2.1

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | WebSphere Application Server v9.0.5.5
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | Websphere Liberty 21.0.0.6
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | Websphere Liberty 22.0.0.12
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2.1 | Websphere Liberty 23.0.0.9

Remediation/Fixes

Please consult the Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313) for vulnerability details and information about fixes.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsecurity_guardium_key_lifecycle_managerMatch3.0

ibmsecurity_guardium_key_lifecycle_managerMatch3.0.1

ibmsecurity_guardium_key_lifecycle_managerMatch4.0

ibmsecurity_guardium_key_lifecycle_managerMatch4.1

ibmsecurity_guardium_key_lifecycle_managerMatch4.1.1

ibmsecurity_guardium_key_lifecycle_managerMatch4.2

ibmsecurity_guardium_key_lifecycle_managerMatch4.2.1

CPENameOperatorVersion
ibm security guardium key lifecycle managereq3.0
ibm security guardium key lifecycle managereq3.0.1
ibm security guardium key lifecycle managereq4.0
ibm security guardium key lifecycle managereq4.1
ibm security guardium key lifecycle managereq4.1.1
ibm security guardium key lifecycle managereq4.2
ibm security guardium key lifecycle managereq4.2.1

Name	Operator	Version
ibm security guardium key lifecycle manager	eq	3.0
ibm security guardium key lifecycle manager	eq	3.0.1
ibm security guardium key lifecycle manager	eq	4.0
ibm security guardium key lifecycle manager	eq	4.1
ibm security guardium key lifecycle manager	eq	4.1.1
ibm security guardium key lifecycle manager	eq	4.2
ibm security guardium key lifecycle manager	eq	4.2.1

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for EFFC562DA6D421ED3CA3CF3D4A8C5585B32EADD48DFA03A9BD211A759232C2AC