Lucene search

IbmVULNRICHMENT:CVE-2023-46158

HistoryOct 25, 2023 - 2:56 a.m.

CVE-2023-46158 IBM WebSphere Application Server session fixation

2023-10-2502:56:20

CWE-613

ibm

github.com

ibm

websphere

application server

security

issue

session fixation

liberty 23.0.0.9

23.0.0.10

improper resource expiration

x-force id 268775

CVSS3

4.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.6

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775.

References

exchange.xforce.ibmcloud.com/vulnerabilities/268775

www.ibm.com/support/pages/node/7058356

CVSS3

4.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.6

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-46158