Lucene search

IBM2FE8C242DF1DADAD88FC1569DDA2D14E5A851AB966820858848927FCD2EC10AA

HistoryJun 26, 2024 - 4:24 p.m.

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

2024-06-2616:24:22

www.ibm.com

ibm

websphere application server liberty

storage protect

virtual environments

data protection

hyper-v

vulnerability

tls

connection

cve-2023-50312

upgrade

fix

linux

windows

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Summary

IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the “Vulnerability Details” section. CVE-2023-50312.

Vulnerability Details

CVEID:CVE-2023-50312
**DESCRIPTION:**IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/274711 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V	8.1.0.0 - 8.1.22.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerabilities now by upgrading.

Product	Fixing level	Platforms	Link to fix and instructions
IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V	8.1.23.0	Linux
Windows	Download Information: IBM Storage Protect for Virtual Environments 8.1.23

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmspectrum_protect_for_virtual_environmentsMatch8.1

CPENameOperatorVersion
ibm storage protect for virtual environmentseq8.1

CPE	Name	Operator	Version
	ibm storage protect for virtual environments	eq	8.1

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for 2FE8C242DF1DADAD88FC1569DDA2D14E5A851AB966820858848927FCD2EC10AA