CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
36.4%
App Connect Professional have addressed the following vulnerability reported in Bouncy Castle.
CVEID:CVE-2023-33201
**DESCRIPTION:**The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258653 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
App connect professional | v755 |
Affected Product | Version(s) | APAR | Fixcentral LinK |
---|---|---|---|
App Connect Professional | 7.5.5.0 | LI83013 | 7550 Fixcentral link |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | app_connect_professional | 755 | cpe:2.3:a:ibm:app_connect_professional:755:*:*:*:*:*:*:* |
ibm | app_connect_professional | 021 | cpe:2.3:a:ibm:app_connect_professional:021:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
36.4%