cvelistv5 - cve-2023-50314

CVE-2023-50314 (GCVE-0-2023-50314)

Vulnerability from cvelistv5

Published

2024-08-14 17:22

Modified

2024-08-19 16:05

Severity ?

5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-295 - Improper Certificate Validation

Summary

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.

References

►

URL

	Vendor	Product	Version
	IBM	WebSphere Application Liberty	Version: 17.0.0.3 ≤ 24.0.0.8 cpe:2.3:a:ibm:websphere_application_server:17.0.0.3::::liberty::: cpe:2.3:a:ibm:websphere_application_server:24.0.0.8::::liberty:::

wid-sec-w-2024-1856

Vulnerability from csaf_certbund

Published

2024-08-14 22:00

Modified

2025-03-05 23:00

Summary

IBM WebSphere Application Server: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM WebSphere Application Server ist ein J2EE-Applikationsserver.

Angriff

Ein Angreifer aus einem angrenzenden Netzwerk kann mehrere Schwachstellen in IBM WebSphere Application Server ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux - MacOS X - Sonstiges - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer aus einem angrenzenden Netzwerk kann mehrere Schwachstellen in IBM WebSphere Application Server ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1856 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1856.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1856 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1856"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-08-14",
        "url": "https://www.ibm.com/support/pages/node/7165511"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-08-14",
        "url": "https://www.ibm.com/support/pages/node/7165502"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7166626 vom 2024-08-26",
        "url": "https://www.ibm.com/support/pages/node/7166626"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7167573 vom 2024-09-05",
        "url": "https://www.ibm.com/support/pages/node/7167573"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7167996 vom 2024-09-10",
        "url": "https://www.ibm.com/support/pages/node/7167996"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7168657 vom 2024-09-17",
        "url": "https://www.ibm.com/support/pages/node/7168657"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7173351 vom 2024-10-17",
        "url": "https://www.ibm.com/support/pages/node/7173351"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7174363 vom 2024-10-29",
        "url": "https://www.ibm.com/support/pages/node/7174363"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7174637 vom 2024-11-01",
        "url": "https://www.ibm.com/support/pages/node/7174637"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7174626 vom 2024-11-04",
        "url": "https://www.ibm.com/support/pages/node/7174626"
      },
      {
        "category": "external",
        "summary": "HCL BigFix Advisory vom 2024-11-07",
        "url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=c054a21093b5d2500dddf87d1dba102d"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7175745 vom 2024-11-12",
        "url": "https://www.ibm.com/support/pages/node/7175745"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7176643 vom 2024-11-20",
        "url": "https://www.ibm.com/support/pages/node/7176643"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2024-12-04",
        "url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=7d3e5c1993d25610ba9fb1566aba1038"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7178098 vom 2024-12-06",
        "url": "https://www.ibm.com/support/pages/node/7178098"
      },
      {
        "category": "external",
        "summary": "HCL Article KB0118189 vom 2024-12-16",
        "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0118189"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2025-03-05",
        "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0119650"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM WebSphere Application Server: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2025-03-05T23:00:00.000+00:00",
      "generator": {
        "date": "2025-03-06T09:17:29.375+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-1856",
      "initial_release_date": "2024-08-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-08-26T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-09-04T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-09-09T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-09-16T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-10-16T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-10-29T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-11-03T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-11-04T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-11-06T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-11-11T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-11-20T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-12-04T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von HCL aufgenommen"
        },
        {
          "date": "2024-12-08T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-12-16T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von HCL aufgenommen"
        },
        {
          "date": "2025-03-05T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von HCL aufgenommen"
        }
      ],
      "status": "final",
      "version": "16"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.8.0",
                "product": {
                  "name": "HCL AppScan Enterprise \u003c10.8.0",
                  "product_id": "T041600"
                }
              },
              {
                "category": "product_version",
                "name": "10.8.0",
                "product": {
                  "name": "HCL AppScan Enterprise 10.8.0",
                  "product_id": "T041600-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltech:appscan_enterprise:10.8.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AppScan Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Compliance",
                "product": {
                  "name": "HCL BigFix Compliance",
                  "product_id": "T038823",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltech:bigfix:compliance"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Inventory \u003c11.0.2.0",
                "product": {
                  "name": "HCL BigFix Inventory \u003c11.0.2.0",
                  "product_id": "T039862"
                }
              },
              {
                "category": "product_version",
                "name": "Inventory 11.0.2.0",
                "product": {
                  "name": "HCL BigFix Inventory 11.0.2.0",
                  "product_id": "T039862-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltech:bigfix:inventory__11.0.2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BigFix"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.0.1.16",
                "product": {
                  "name": "HCL Commerce \u003c9.0.1.16",
                  "product_id": "T019286"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.1.16",
                "product": {
                  "name": "HCL Commerce 9.0.1.16",
                  "product_id": "T019286-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:9.0.1.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.17.0",
                "product": {
                  "name": "HCL Commerce \u003c9.1.17.0",
                  "product_id": "T039584"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.17.0",
                "product": {
                  "name": "HCL Commerce 9.1.17.0",
                  "product_id": "T039584-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:9.1.17.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Commerce"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "21.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 21.0.2",
                  "product_id": "1055431",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:21.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.0.3",
                "product": {
                  "name": "IBM Business Automation Workflow 21.0.3",
                  "product_id": "1150328",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 22.0.1",
                  "product_id": "1268578",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:22.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "18.0.0.0",
                "product": {
                  "name": "IBM Business Automation Workflow 18.0.0.0",
                  "product_id": "389078",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "18.0.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 18.0.0.1",
                  "product_id": "389079",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "18.0.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 18.0.0.2",
                  "product_id": "428468",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "19.0.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 19.0.0.1",
                  "product_id": "433292",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "19.0.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 19.0.0.2",
                  "product_id": "672243",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "19.0.0.3",
                "product": {
                  "name": "IBM Business Automation Workflow 19.0.0.3",
                  "product_id": "672244",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "20.0.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 20.0.0.1",
                  "product_id": "867559",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:20.0.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "20.0.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 20.0.0.2",
                  "product_id": "867560",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:20.0.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 22.0.2",
                  "product_id": "T027961",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:22.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 23.0.1",
                  "product_id": "T031216",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:23.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 23.0.2",
                  "product_id": "T031777",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:23.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "24.0.0",
                "product": {
                  "name": "IBM Business Automation Workflow 24.0.0",
                  "product_id": "T036570",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Business Automation Workflow"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.2.0-9.2.36",
                "product": {
                  "name": "IBM License Metric Tool 9.2.0-9.2.36",
                  "product_id": "T037670",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:license_metric_tool:9.2.0_-_9.2.36"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "License Metric Tool"
          },
          {
            "category": "product_name",
            "name": "IBM MQ",
            "product": {
              "name": "IBM MQ",
              "product_id": "T021398",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:mq:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM Maximo Asset Management",
                "product": {
                  "name": "IBM Maximo Asset Management",
                  "product_id": "T024664",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:maximo_asset_management:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.8",
                "product": {
                  "name": "IBM Maximo Asset Management 7.6.8",
                  "product_id": "T039351",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.7",
                "product": {
                  "name": "IBM Maximo Asset Management 7.6.7",
                  "product_id": "T039352",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.6",
                "product": {
                  "name": "IBM Maximo Asset Management 7.6.6",
                  "product_id": "T039353",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Maximo Asset Management"
          },
          {
            "category": "product_name",
            "name": "IBM Rational ClearQuest",
            "product": {
              "name": "IBM Rational ClearQuest",
              "product_id": "5168",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:rational_clearquest:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.1.9.5",
                "product": {
                  "name": "IBM Storage Scale 5.1.9.5",
                  "product_id": "T037084",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_scale:5.1.9.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Storage Scale"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "for multiplatforms",
                "product": {
                  "name": "IBM TXSeries for multiplatforms",
                  "product_id": "T036617",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:txseries:for_multiplatforms"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "TXSeries"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4",
                "product": {
                  "name": "IBM Tivoli Key Lifecycle Manager 4.0",
                  "product_id": "T016998",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.1",
                "product": {
                  "name": "IBM Tivoli Key Lifecycle Manager 4.1",
                  "product_id": "T024337",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:4.1.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Key Lifecycle Manager"
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Monitoring",
            "product": {
              "name": "IBM Tivoli Monitoring",
              "product_id": "T011128",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_monitoring:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.0.5.21",
                "product": {
                  "name": "IBM WebSphere Application Server \u003c9.0.5.21",
                  "product_id": "T036892"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.5.21",
                "product": {
                  "name": "IBM WebSphere Application Server 9.0.5.21",
                  "product_id": "T036892-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.21"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.5.27",
                "product": {
                  "name": "IBM WebSphere Application Server \u003c8.5.5.27",
                  "product_id": "T036893"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.5.27",
                "product": {
                  "name": "IBM WebSphere Application Server 8.5.5.27",
                  "product_id": "T036893-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.27"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c24.0.0.9",
                "product": {
                  "name": "IBM WebSphere Application Server \u003c24.0.0.9",
                  "product_id": "T036894"
                }
              },
              {
                "category": "product_version",
                "name": "24.0.0.9",
                "product": {
                  "name": "IBM WebSphere Application Server 24.0.0.9",
                  "product_id": "T036894-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:24.0.0.9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Application Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.5",
                "product": {
                  "name": "IBM WebSphere Service Registry and Repository 8.5",
                  "product_id": "306235",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:8.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Service Registry and Repository"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-50314",
      "product_status": {
        "known_affected": [
          "672243",
          "T031216",
          "T031777",
          "672244",
          "T038823",
          "5168",
          "T011128",
          "T016998",
          "1055431",
          "T039351",
          "T039353",
          "T037670",
          "T039352",
          "433292",
          "T041600",
          "T024664",
          "T021398",
          "T036617",
          "867559",
          "1268578",
          "389079",
          "T036894",
          "428468",
          "389078",
          "T019286",
          "1150328",
          "T036892",
          "T039862",
          "T036893",
          "T037084",
          "T039584",
          "T036570",
          "867560",
          "T024337",
          "T027961",
          "306235"
        ]
      },
      "release_date": "2024-08-14T22:00:00.000+00:00",
      "title": "CVE-2023-50314"
    },
    {
      "cve": "CVE-2023-50315",
      "product_status": {
        "known_affected": [
          "672243",
          "T031216",
          "T031777",
          "672244",
          "T038823",
          "5168",
          "T011128",
          "T016998",
          "1055431",
          "T039351",
          "T039353",
          "T037670",
          "T039352",
          "433292",
          "T041600",
          "T024664",
          "T021398",
          "T036617",
          "867559",
          "1268578",
          "389079",
          "T036894",
          "428468",
          "389078",
          "T019286",
          "1150328",
          "T036892",
          "T039862",
          "T036893",
          "T037084",
          "T039584",
          "T036570",
          "867560",
          "T024337",
          "T027961",
          "306235"
        ]
      },
      "release_date": "2024-08-14T22:00:00.000+00:00",
      "title": "CVE-2023-50315"
    }
  ]
}

ghsa-jjch-2577-r3c2

Vulnerability from github

Published

2024-08-14 18:32

Modified

2024-08-14 18:32

Severity ?

5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-50314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks.  An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information.  IBM X-Force ID:  274713.",
  "id": "GHSA-jjch-2577-r3c2",
  "modified": "2024-08-14T18:32:43Z",
  "published": "2024-08-14T18:32:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50314"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/274713"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7165502"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

ncsc-2025-0064

Vulnerability from csaf_ncscnl

Published

2025-02-21 08:40

Modified

2025-02-21 08:40

Summary

Kwetsbaarheden verholpen in IBM Cognos Controller

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

IBM heeft kwetsbaarheden verholpen in IBM Cognos Controller (Versies 11.0.0 tot 11.0.1 FP3 en 11.1.0).

Interpretaties

De kwetsbaarheden stellen een kwaadwillende in staat om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Cross-Site-Scripting (XSS) - Omzeilen van een beveiligingsmaatregel - Manipulatie van gegevens - Verkrijgen van verhoogde rechten - Uitvoer van willekeurige code (Gebruikersrechten) - Toegang tot gevoelige informatie De kwetsbaarheden bevinden zich zowel in de Cognos Controller-Applicatie zelf, als in onderliggende producten, zoals Java, Websphere Liberty, Apache Ant en diverse Open Source componenten, welke met Cognos Controller worden meegeleverd.

Oplossingen

IBM heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-130

Improper Handling of Length Parameter Inconsistency

CWE-399

CWE-379

Creation of Temporary File in Directory with Insecure Permissions

CWE-300

Channel Accessible by Non-Endpoint

CWE-798

Use of Hard-coded Credentials

CWE-284

Improper Access Control

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-295

Improper Certificate Validation

CWE-91

XML Injection (aka Blind XPath Injection)

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-502

Deserialization of Untrusted Data

CWE-377

Insecure Temporary File

CWE-863

Incorrect Authorization

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-611

Improper Restriction of XML External Entity Reference

CWE-787

Out-of-bounds Write

CWE-20

Improper Input Validation

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "IBM heeft kwetsbaarheden verholpen in IBM Cognos Controller (Versies 11.0.0 tot 11.0.1 FP3 en 11.1.0).",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen een kwaadwillende in staat om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Cross-Site-Scripting (XSS)\n- Omzeilen van een beveiligingsmaatregel\n- Manipulatie van gegevens\n- Verkrijgen van verhoogde rechten\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Toegang tot gevoelige informatie\n\nDe kwetsbaarheden bevinden zich zowel in de Cognos Controller-Applicatie zelf, als in onderliggende producten, zoals Java, Websphere Liberty, Apache Ant en diverse Open Source componenten, welke met Cognos Controller worden meegeleverd.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "IBM heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Handling of Length Parameter Inconsistency",
        "title": "CWE-130"
      },
      {
        "category": "general",
        "text": "CWE-399",
        "title": "CWE-399"
      },
      {
        "category": "general",
        "text": "Creation of Temporary File in Directory with Insecure Permissions",
        "title": "CWE-379"
      },
      {
        "category": "general",
        "text": "Channel Accessible by Non-Endpoint",
        "title": "CWE-300"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Credentials",
        "title": "CWE-798"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
        "title": "CWE-1321"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "XML Injection (aka Blind XPath Injection)",
        "title": "CWE-91"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Use of a Broken or Risky Cryptographic Algorithm",
        "title": "CWE-327"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Insecure Temporary File",
        "title": "CWE-377"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Improper Restriction of XML External Entity Reference",
        "title": "CWE-611"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://www.ibm.com/support/pages/node/7183597"
      }
    ],
    "title": "Kwetsbaarheden verholpen in IBM Cognos Controller",
    "tracking": {
      "current_release_date": "2025-02-21T08:40:26.849797Z",
      "id": "NCSC-2025-0064",
      "initial_release_date": "2025-02-21T08:40:26.849797Z",
      "revision_history": [
        {
          "date": "2025-02-21T08:40:26.849797Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "cognos_controller",
            "product": {
              "name": "cognos_controller",
              "product_id": "CSAFPID-1698100",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "ibm"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-11979",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insecure Temporary File",
          "title": "CWE-377"
        },
        {
          "category": "other",
          "text": "Creation of Temporary File in Directory with Insecure Permissions",
          "title": "CWE-379"
        },
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-11979",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11979.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2020-11979"
    },
    {
      "cve": "CVE-2021-36373",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        },
        {
          "category": "other",
          "text": "CWE-399",
          "title": "CWE-399"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-36373",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-36373.json"
        }
      ],
      "title": "CVE-2021-36373"
    },
    {
      "cve": "CVE-2021-36374",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        },
        {
          "category": "other",
          "text": "CWE-399",
          "title": "CWE-399"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-36374",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-36374.json"
        }
      ],
      "title": "CVE-2021-36374"
    },
    {
      "cve": "CVE-2022-4244",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-4244",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-4244.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2022-4244"
    },
    {
      "cve": "CVE-2022-4245",
      "cwe": {
        "id": "CWE-91",
        "name": "XML Injection (aka Blind XPath Injection)"
      },
      "notes": [
        {
          "category": "other",
          "text": "XML Injection (aka Blind XPath Injection)",
          "title": "CWE-91"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-4245",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-4245.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2022-4245"
    },
    {
      "cve": "CVE-2023-47160",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-47160",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47160.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2023-47160"
    },
    {
      "cve": "CVE-2023-50314",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-50314",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50314.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2023-50314"
    },
    {
      "cve": "CVE-2024-21131",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21131",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21131.json"
        }
      ],
      "title": "CVE-2024-21131"
    },
    {
      "cve": "CVE-2024-21144",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21144",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21144.json"
        }
      ],
      "title": "CVE-2024-21144"
    },
    {
      "cve": "CVE-2024-21145",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21145",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21145.json"
        }
      ],
      "title": "CVE-2024-21145"
    },
    {
      "cve": "CVE-2024-27267",
      "cwe": {
        "id": "CWE-300",
        "name": "Channel Accessible by Non-Endpoint"
      },
      "notes": [
        {
          "category": "other",
          "text": "Channel Accessible by Non-Endpoint",
          "title": "CWE-300"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27267",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27267.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2024-27267"
    },
    {
      "cve": "CVE-2024-28776",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28776",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28776.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2024-28776"
    },
    {
      "cve": "CVE-2024-28777",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28777",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28777.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2024-28777"
    },
    {
      "cve": "CVE-2024-28780",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of a Broken or Risky Cryptographic Algorithm",
          "title": "CWE-327"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28780",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28780.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2024-28780"
    },
    {
      "cve": "CVE-2024-38999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38999",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2024-38999"
    },
    {
      "cve": "CVE-2024-45081",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45081",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45081.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2024-45081"
    },
    {
      "cve": "CVE-2024-45084",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45084",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45084.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2024-45084"
    },
    {
      "cve": "CVE-2024-52902",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Hard-coded Credentials",
          "title": "CWE-798"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1698100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-52902",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52902.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1698100"
          ]
        }
      ],
      "title": "CVE-2024-52902"
    }
  ]
}

gsd-2023-50314

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2023-50314

Aliases

CVE-2023-50314

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-50314",
    "id": "GSD-2023-50314"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-50314"
      ],
      "id": "GSD-2023-50314",
      "modified": "2023-12-13T01:20:31.477605Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-50314",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

fkie_cve-2023-50314

Vulnerability from fkie_nvd

Published

2024-08-14 18:15

Modified

2024-08-23 19:20

Severity ?

5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

▶	URL	Tags
	psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/274713	Vendor Advisory
	psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7165502	Vendor Advisory

Impacted products

	Vendor	Product	Version
	ibm	websphere_application_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*",
              "matchCriteriaId": "8F9D03BF-D960-4CB7-A9CA-F330DCBF0970",
              "versionEndIncluding": "24.0.0.8",
              "versionStartIncluding": "17.0.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks.  An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information.  IBM X-Force ID:  274713."
    },
    {
      "lang": "es",
      "value": " IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.8 podr\u00eda permitir que un atacante con acceso a la red realice ataques de suplantaci\u00f3n de identidad. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando un certificado emitido por una autoridad confiable para obtener informaci\u00f3n confidencial. ID de IBM X-Force: 274713."
    }
  ],
  "id": "CVE-2023-50314",
  "lastModified": "2024-08-23T19:20:22.473",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-14T18:15:09.697",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/274713"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7165502"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-50314 (GCVE-0-2023-50314)

Vulnerability from cvelistv5

wid-sec-w-2024-1856

Vulnerability from csaf_certbund

ghsa-jjch-2577-r3c2

Vulnerability from github

ncsc-2025-0064

Vulnerability from csaf_ncscnl

gsd-2023-50314

Vulnerability from gsd

fkie_cve-2023-50314

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature