Lucene search
IBMC6DE009F4833F1CAFB1ACC6E422D6633F7BD89D7D3ACBD99D58932ABE4D96E44HistoryMay 12, 2023 - 5:25 p.m.
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server traditional and Liberty profile shipped with IBM Business Automation Workflow (CVE-2023-30441)
2023-05-1217:25:50
www.ibm.com
14
ibm
websphere
application server
vulnerability
security bulletin
liberty
business automation workflow
cve-2023-30441
remediation
fix
enterprise service bus
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
61.6%
Summary
WebSphere Application Server traditional and WebSphere Application Server Liberty profile are shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional and Liberty profile have been published in a security bulletin.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) | Status | Note |
|---|---|---|---|
| IBM Business Automation Workflow containers | V22.0.2 - V22.0.2-IF003 | ||
| V22.0.1 - V22.0.1 all fixes | |||
| V21.0.3 - V21.0.3-IF012 | |||
| V21.0.2 all fixes | |||
| V20.0.0.2 all fixes | |||
| V20.0.0.1 all fixes | affected | ||
| IBM Business Automation Workflow traditional | V22.0.1 - V22.0.2 | ||
| V21.0.1 - V21.0.3.1 | |||
| V20.0.0.1 - V20.0.0.2 | |||
| V19.0.0.1 - V19.0.0.3 | |||
| V18.0.0.0 - V18.0.0.2 | affected | Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed. | |
| IBM Business Automation Workflow Enterprise Service Bus | V22.0.2 | affected | Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed. |
| IBM Business Process Manager Enterprise Service Bus | V8.6.0.0-2018.03 | affected |
For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.
Remediation/Fixes
Please consult the Security Bulletin:Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to CVE-2023-30441 for vulnerability details and information about fixes.
| Affected Product(s) | Version(s) | Remediation / Fix |
|---|---|---|
| IBM Business Automation Workflow containers | V22.0.2 - V22.0.2-IF003 | |
| V22.0.1 - V22.0.1 all fixes | Apply 22.0.2-IF004 | |
| IBM Business Automation Workflow containers | V21.0.3 - V21.0.3-IF019 | |
| V21.0.2 all fixes | ||
| V21.0.1 all fixes | ||
| V20.0.0.2 all fixes | ||
| V20.0.0.1 all fixes | Apply 21.0.3-IF020 or apply 22.0.2-IF004 | |
| IBM Business Automation Workflow traditional | V22.0.1 - V22.0.2 | |
| V21.0.1 - V21.0.3.1 | ||
| V20.0.0.1 - V20.0.0.2 | ||
| V19.0.0.1 - V19.0.0.3 | ||
| V18.0.0.0 - V18.0.0.2 | Follow the instructions from the security bulletin mentioned above. | |
| IBM Business Automation Workflow Enterprise Service Bus | V22.0.2 | Follow the instructions from the security bulletin mentioned above. |
| IBM Business Process Manager Enterprise Service Bus | V8.6.0.0-2018.03 | Follow the instructions from the security bulletin mentioned above. |
Workarounds and Mitigations
None
Affected configurations
Node
ibmbusiness_process_manager_enterprise_service_busMatch8.6.0.0
ORibmbusiness_automation_workflowMatch22.0.2enterprise_service_bus
ORibmbusiness_automation_workflowMatch18.0.0.0
ORibmbusiness_automation_workflowMatch18.0.0.1
ORibmbusiness_automation_workflowMatch18.0.0.2
ORibmbusiness_automation_workflowMatch19.0.0.1
ORibmbusiness_automation_workflowMatch19.0.0.2
ORibmbusiness_automation_workflowMatch19.0.0.3
ORibmbusiness_automation_workflowMatch20.0.0.1
ORibmbusiness_automation_workflowMatch20.0.0.2
ORibmbusiness_automation_workflowMatch21.0.2
ORibmbusiness_automation_workflowMatch21.0.3
ORibmbusiness_automation_workflowMatch22.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | business_process_manager_enterprise_service_bus | 8.6.0.0 | cpe:2.3:a:ibm:business_process_manager_enterprise_service_bus:8.6.0.0:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 22.0.2 | cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:enterprise_service_bus:*:*:* |
| ibm | business_automation_workflow | 18.0.0.0 | cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 18.0.0.1 | cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 18.0.0.2 | cpe:2.3:a:ibm:business_automation_workflow:18.0.0.2:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 19.0.0.1 | cpe:2.3:a:ibm:business_automation_workflow:19.0.0.1:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 19.0.0.2 | cpe:2.3:a:ibm:business_automation_workflow:19.0.0.2:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 19.0.0.3 | cpe:2.3:a:ibm:business_automation_workflow:19.0.0.3:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 20.0.0.1 | cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 20.0.0.2 | cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:*:*:*:* |
Related
ibm
ibm
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java
2023-05-26 03:44:33
redhatcve
redhatcve
CVE-2023-30441
2023-04-20 21:01:11
cvelist
cvelist
CVE-2023-30441 IBM Java information disclosure
2023-04-29 14:40:40
nvd
nvd
CVE-2023-30441
2023-04-29 15:15:18
prion
prion
Information disclosure
2023-04-29 15:15:00
cve
cve
CVE-2023-30441
2023-04-29 15:15:18
nessus
nessus
IBM Java 8.0 < 8.0.7.15
2023-04-20 00:00:00
IBM Java 8.0.7 < 8.0.7.15 Information Exposure (6985011)
2023-05-17 00:00:00
RHEL 7 : java-1.8.0-ibm (RHSA-2022:6756)
2022-09-29 00:00:00
redhat
redhat
(RHSA-2022:6756) Moderate: java-1.8.0-ibm security update
2022-09-29 15:05:13
(RHSA-2022:6735) Moderate: java-1.8.0-ibm security update
2022-10-25 07:58:21
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2023-05-19 10:29:25
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2491-1)
2023-06-13 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
61.6%
Related for C6DE009F4833F1CAFB1ACC6E422D6633F7BD89D7D3ACBD99D58932ABE4D96E44