{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM WebSphere Application Server ausnutzen, um Informationen offenzulegen.", "title" : "Angriff" }, { "category" : "general", "text" : "- UNIX\n- Linux\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2023-0308 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0308.json" }, { "category" : "self", "summary" : "WID-SEC-2023-0308 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0308" }, { "category" : "external", "summary" : "IBM Security Bulletin: 6953779 vom 2023-02-08", "url" : "https://www.ibm.com/support/pages/node/6953779" }, { "category" : "external", "summary" : "IBM Security Bulletin 6955815 vom 2023-02-15", "url" : "https://www.ibm.com/support/pages/node/6955815" }, { "category" : "external", "summary" : "IBM Security Bulletin 6962821 vom 2023-03-10", "url" : "https://www.ibm.com/support/pages/node/6962821" }, { "category" : "external", "summary" : "IBM Security Bulletin 7124093 vom 2024-02-28", "url" : "https://www.cybersecurity-help.cz/vdb/SB2024022806" } ], "source_lang" : "en-US", "title" : "IBM WebSphere Application Server Liberty: Schwachstelle ermöglicht Offenlegung von Informationen", "tracking" : { "current_release_date" : "2024-02-27T23:00:00.000+00:00", "generator" : { "date" : "2024-08-15T17:43:14.666+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.3.5" } }, "id" : "WID-SEC-W-2023-0308", "initial_release_date" : "2023-02-08T23:00:00.000+00:00", "revision_history" : [ { "date" : "2023-02-08T23:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2023-02-15T23:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2023-03-12T23:00:00.000+00:00", "number" : "3", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2024-02-27T23:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von IBM aufgenommen" } ], "status" : "final", "version" : "4" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "IBM Business Automation Workflow", "product" : { "name" : "IBM Business Automation Workflow", "product_id" : "T019704", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:-" } } }, { "branches" : [ { "category" : "product_version", "name" : "8.10.x", "product" : { "name" : "IBM Operational Decision Manager 8.10.x", "product_id" : "T027827", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:operational_decision_manager:8.10.x" } } }, { "category" : "product_version", "name" : "8.11.x", "product" : { "name" : "IBM Operational Decision Manager 8.11.x", "product_id" : "T027828", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:operational_decision_manager:8.11.x" } } }, { "category" : "product_version", "name" : "8.12.x", "product" : { "name" : "IBM Operational Decision Manager 8.12.x", "product_id" : "T030120", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:operational_decision_manager:8.12.x" } } } ], "category" : "product_name", "name" : "Operational Decision Manager" }, { "branches" : [ { "category" : "product_version", "name" : "9.1", "product" : { "name" : "IBM TXSeries 9.1", "product_id" : "T015903", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:txseries:for_multiplatforms_9.1" } } }, { "category" : "product_version", "name" : "8.2", "product" : { "name" : "IBM TXSeries 8.2", "product_id" : "T015904", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:txseries:for_multiplatforms_8.2" } } }, { "category" : "product_version", "name" : "8.1", "product" : { "name" : "IBM TXSeries 8.1", "product_id" : "T015905", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:txseries:for_multiplatforms_8.1" } } } ], "category" : "product_name", "name" : "TXSeries" }, { "branches" : [ { "category" : "product_version", "name" : "liberty 21.0.0.12 - 23.0.0.1", "product" : { "name" : "IBM WebSphere Application Server liberty 21.0.0.12 - 23.0.0.1", "product_id" : "T026184", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:websphere_application_server:liberty_21.0.0.12_-_23.0.0.1" } } } ], "category" : "product_name", "name" : "WebSphere Application Server" } ], "category" : "vendor", "name" : "IBM" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2022-45787", "notes" : [ { "category" : "description", "text" : "Es existiert eine Schwachstelle in IBM WebSphere Application Server Liberty. Diese ist auf einen Fehler in der Komponente \"Apache James MIME4J\" zurückzuführen, der aufgrund eines Fehlers in der Berechtigungsvergabe für temporäre Dateien besteht. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen." } ], "product_status" : { "known_affected" : [ "T026184", "T015905", "T015904", "T027827", "T015903", "T027828", "T019704", "T030120" ] }, "release_date" : "2023-02-08T23:00:00.000+00:00", "title" : "CVE-2022-45787" } ] }