Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for WebSphere Application Liberty by IBM

    CVE-2023-50314 (GCVE-0-2023-50314)

    Vulnerability from nvd – Published: 2024-08-14 17:22 – Updated: 2024-08-19 16:05
    VLAI
    Title
    IBM WebSphere Application Server Libery information disclosure
    Summary
    IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM WebSphere Application Liberty Affected: 17.0.0.3 , ≤ 24.0.0.8 (semver)
        cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:24.0.0.8:*:*:*:liberty:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-50314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T16:05:05.728208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T16:05:25.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:24.0.0.8:*:*:*:liberty:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "WebSphere Application Liberty",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "24.0.0.8",
                  "status": "affected",
                  "version": "17.0.0.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks.  An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information.  IBM X-Force ID:  274713."
                }
              ],
              "value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks.  An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information.  IBM X-Force ID:  274713."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T17:22:31.591Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7165502"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/274713"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM WebSphere Application Server Libery information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-50314",
        "datePublished": "2024-08-14T17:22:31.591Z",
        "dateReserved": "2023-12-07T01:29:00.310Z",
        "dateUpdated": "2024-08-19T16:05:25.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-50314 (GCVE-0-2023-50314)

    Vulnerability from cvelistv5 – Published: 2024-08-14 17:22 – Updated: 2024-08-19 16:05
    VLAI
    Title
    IBM WebSphere Application Server Libery information disclosure
    Summary
    IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM WebSphere Application Liberty Affected: 17.0.0.3 , ≤ 24.0.0.8 (semver)
        cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:24.0.0.8:*:*:*:liberty:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-50314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T16:05:05.728208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T16:05:25.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:24.0.0.8:*:*:*:liberty:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "WebSphere Application Liberty",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "24.0.0.8",
                  "status": "affected",
                  "version": "17.0.0.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks.  An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information.  IBM X-Force ID:  274713."
                }
              ],
              "value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks.  An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information.  IBM X-Force ID:  274713."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T17:22:31.591Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7165502"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/274713"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM WebSphere Application Server Libery information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-50314",
        "datePublished": "2024-08-14T17:22:31.591Z",
        "dateReserved": "2023-12-07T01:29:00.310Z",
        "dateUpdated": "2024-08-19T16:05:25.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }