#VU86988 Use of a broken or risky cryptographic algorithm in IBM WebSphere Application Server Liberty - CVE-2023-50312


Vulnerability identifier: #VU86988

Vulnerability risk: Low

CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-50312

CWE-ID: CWE-327

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
IBM WebSphere Application Server Liberty
Server applications / Application servers

Vendor:

Description

The vulnerability allows an adjacent attacker to gain access to potentially sensitive information.

The vulnerability exists due to weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. An adjacent attacker can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://www.ibm.com/support/pages/node/7125527
http://exchange.xforce.ibmcloud.com/vulnerabilities/274711

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Cognos Controller
Multiple vulnerabilities in IBM Process Mining
IBM Sterling B2B Integrator update for WebSphere Application Server
Multiple vulnerabilities in IBM Cognos Analytics
Multiple vulnerabilities in IBM Cloud Pak System
Multiple vulnerabilities in IBM Cloud Application Business Insights
Use of a broken or risky cryptographic algorithm in IBM Storage Scale System
Multiple vulnerabilities in CICS Transaction Gateway
Multiple vulnerabilities in IBM Security Verify Governance - Containerized Identity Manager
Multiple vulnerabilities in IBM Planning Analytics Workspace