CVE-2023-35890 — Use of a Broken or Risky Cryptographic Algorithm in IBM Websphere Application Server

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources

Severity

5.5MEDIUMNVD

CNA5.1

EPSS

0.0%

top 98.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedJul 7

Description

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/websphere_application_server8.5, 9.0

▶NVDibm/websphere_application_server8.5.5.23, 9.0.5.15, 9.0.5.16+2

🔴Vulnerability Details

GHSA

GHSA-9jmh-rhgv-38vc: IBM WebSphere Application Server 8↗2023-07-07

▶

CVEList

IBM WebSphere Application Server information disclosure↗2023-07-07

▶