CVE-2023-50313 - OpenCVE

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Websphere Application Server

Configuration 1 [-]

OR	cpe:2.3:a:ibm:websphere_application_server:8.5:::::::*
	cpe:2.3:a:ibm:websphere_application_server:9.0:::::::*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/274812	Not Applicable VDB Entry
https://www.ibm.com/support/pages/node/7145620	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2024-04-02T12:54:31.145Z

Updated: 2024-07-05T17:22:24.690Z

Reserved: 2023-12-07T01:29:00.310Z

Link: CVE-2023-50313

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-04-02T13:15:51.270

Modified: 2024-04-08T22:48:41.757

Link: CVE-2023-50313

JSON object: View

Redhat Information

No data.

CWE

CWE-327

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50313", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-12-07T01:29:00.310Z", "datePublished": "2024-04-02T12:54:31.145Z", "dateUpdated": "2024-07-05T17:22:24.690Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WebSphere Application Server", "vendor": "IBM", "versions": [{"status": "affected", "version": "8.5, 9.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812."}], "value": "IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-04-02T12:54:31.145Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7145620"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/274812"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM WebSphere Application Server information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-50313", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T15:32:57.989258Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:24.690Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "E30E8CE2-9137-4669-AE86-FB8ED0899736", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4F6F77C-2C0D-4A31-B2A0-DB1C4296FF5E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812."}, {"lang": "es", "value": "IBM WebSphere Application Server 8.5 y 9.0 podr\u00eda proporcionar una seguridad m\u00e1s d\u00e9bil de lo esperado para las conexiones TLS salientes causadas por una falla al respetar la configuraci\u00f3n del usuario. ID de IBM X-Force: 274812."}], "id": "CVE-2023-50313", "lastModified": "2024-04-08T22:48:41.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2024-04-02T13:15:51.270", "references": [{"source": "psirt@us.ibm.com", "tags": ["Not Applicable", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/274812"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7145620"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}