CVE-2023-50314Improper Certificate Validation in IBM Websphere Application Liberty

CWE-295Improper Certificate ValidationCWE-284Improper Access Control4 documents4 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.1%
top 73.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Websphere Application LibertyIBM Websphere Application Server
Timeline
PublishedAug 14

Description

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDibm/websphere_application_server17.0.0.324.0.0.8
CVEListV5ibm/websphere_application_liberty17.0.0.324.0.0.8

🔴Vulnerability Details

2
CVEList
IBM WebSphere Application Server Libery information disclosure2024-08-14
GHSA
GHSA-jjch-2577-r3c2: IBM WebSphere Application Server Liberty 172024-08-14

📋Vendor Advisories

1
Microsoft
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability2023-10-10
CVE-2023-50314 — Improper Certificate Validation in IBM | cvebase