7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.4%
IBM App Connect Enterprise is vulnerable to a remote attacker due to OpenSSL in Node.js. This bulletin identifies the steps to take to address the vulnerability.
CVEID:CVE-2023-5363
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by an incorrect cipher key and IV length processing during the initialisation of some symmetric ciphers. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269418 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM App Connect Enterprise | 12.0.1.0 - 12.0.10.0 |
IBM App Connect Enterprise | 11.0.0.1 - 11.0.0.23 |
IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise
Affected Product(s)
|
Version(s)
|
APAR
|
Remediation / Fixes
—|—|—|—
IBM App Connect Enterprise
|
12.0.1.0 - 12.0.10.0
|
IT45090
|
The APAR (IT45090) is available from
IBM App Connect Enterprise v12- Fix Pack Release 12.0.10.1
IBM App Connect Enterprise
|
11.0.0.1 - 11.0.0.23
|
IT45090
|
The APAR (IT45090) is available from
IBM App Connect Enterprise v11 - Fix Pack Release 11.0.0.24
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.4%