{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer aus dem angrenzenden Netzwerk kann eine Schwachstelle in IBM WebSphere Application Server ausnutzen, um Informationen offenzulegen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- Sonstiges\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2024-0755 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0755.json" }, { "category" : "self", "summary" : "WID-SEC-2024-0755 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0755" }, { "category" : "external", "summary" : "IBM Security Bulletin 7145620 vom 2024-04-01", "url" : "https://www.ibm.com/support/pages/node/7145620" }, { "category" : "external", "summary" : "IBM Security Bulletin 7145731 vom 2024-04-02", "url" : "https://www.ibm.com/support/pages/node/7145731" }, { "category" : "external", "summary" : "IBM Security Bulletin 7145901 vom 2024-04-04", "url" : "https://www.ibm.com/support/pages/node/7145901" }, { "category" : "external", "summary" : "IBM Security Bulletin 7145905 vom 2024-04-04", "url" : "https://www.ibm.com/support/pages/node/7145905" }, { "category" : "external", "summary" : "IBM Security Bulletin 7148334 vom 2024-04-16", "url" : "https://www.ibm.com/support/pages/node/7148334" }, { "category" : "external", "summary" : "IBM Security Bulletin 7150504 vom 2024-05-07", "url" : "https://www.ibm.com/support/pages/node/7150504" }, { "category" : "external", "summary" : "IBM Security Bulletin 7148953 vom 2024-05-29", "url" : "https://www.ibm.com/support/pages/node/7148953" }, { "category" : "external", "summary" : "IBM Security Bulletin 7158639 vom 2024-06-25", "url" : "https://www.ibm.com/support/pages/node/7158639" }, { "category" : "external", "summary" : "IBM Security Bulletin 7159010 vom 2024-06-27", "url" : "https://www.ibm.com/support/pages/node/7159010" } ], "source_lang" : "en-US", "title" : "IBM WebSphere Application Server: Schwachstelle ermöglicht Offenlegung von Informationen", "tracking" : { "current_release_date" : "2024-11-18T23:00:00.000+00:00", "generator" : { "date" : "2024-11-19T12:09:53.811+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.3.8" } }, "id" : "WID-SEC-W-2024-0755", "initial_release_date" : "2024-04-01T22:00:00.000+00:00", "revision_history" : [ { "date" : "2024-04-01T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2024-04-02T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2024-04-03T22:00:00.000+00:00", "number" : "3", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2024-04-04T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2024-04-15T22:00:00.000+00:00", "number" : "5", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2024-05-07T22:00:00.000+00:00", "number" : "6", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2024-05-21T22:00:00.000+00:00", "number" : "7", "summary" : "Referenz(en) aufgenommen: PH61385" }, { "date" : "2024-05-28T22:00:00.000+00:00", "number" : "8", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2024-06-24T22:00:00.000+00:00", "number" : "9", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2024-06-27T22:00:00.000+00:00", "number" : "10", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2024-11-18T23:00:00.000+00:00", "number" : "11", "summary" : "Prüfung Produkteintragung" } ], "status" : "final", "version" : "11" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version", "name" : "21.0.2", "product" : { "name" : "IBM Business Automation Workflow 21.0.2", "product_id" : "1055431", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:21.0.2" } } }, { "category" : "product_version", "name" : "21.0.3", "product" : { "name" : "IBM Business Automation Workflow 21.0.3", "product_id" : "1150328", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:21.0.3" } } }, { "category" : "product_version", "name" : "22.0.1", "product" : { "name" : "IBM Business Automation Workflow 22.0.1", "product_id" : "1268578", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:22.0.1" } } }, { "category" : "product_version", "name" : "18.0.0.0", "product" : { "name" : "IBM Business Automation Workflow 18.0.0.0", "product_id" : "389078", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:18.0.0.0" } } }, { "category" : "product_version", "name" : "18.0.0.1", "product" : { "name" : "IBM Business Automation Workflow 18.0.0.1", "product_id" : "389079", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:18.0.0.1" } } }, { "category" : "product_version", "name" : "18.0.0.2", "product" : { "name" : "IBM Business Automation Workflow 18.0.0.2", "product_id" : "428468", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:18.0.0.2" } } }, { "category" : "product_version", "name" : "19.0.0.1", "product" : { "name" : "IBM Business Automation Workflow 19.0.0.1", "product_id" : "433292", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:19.0.0.1" } } }, { "category" : "product_version", "name" : "19.0.0.2", "product" : { "name" : "IBM Business Automation Workflow 19.0.0.2", "product_id" : "672243", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:19.0.0.2" } } }, { "category" : "product_version", "name" : "19.0.0.3", "product" : { "name" : "IBM Business Automation Workflow 19.0.0.3", "product_id" : "672244", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:19.0.0.3" } } }, { "category" : "product_version", "name" : "20.0.0.1", "product" : { "name" : "IBM Business Automation Workflow 20.0.0.1", "product_id" : "867559", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:20.0.0.1" } } }, { "category" : "product_version", "name" : "20.0.0.2", "product" : { "name" : "IBM Business Automation Workflow 20.0.0.2", "product_id" : "867560", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:20.0.0.2" } } }, { "category" : "product_version", "name" : "22.0.2", "product" : { "name" : "IBM Business Automation Workflow 22.0.2", "product_id" : "T029703", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:22.0.2" } } }, { "category" : "product_version", "name" : "23.0.1", "product" : { "name" : "IBM Business Automation Workflow 23.0.1", "product_id" : "T031216", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:23.0.1" } } }, { "category" : "product_version", "name" : "23.0.2", "product" : { "name" : "IBM Business Automation Workflow 23.0.2", "product_id" : "T031777", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:business_automation_workflow:23.0.2" } } } ], "category" : "product_name", "name" : "Business Automation Workflow" }, { "branches" : [ { "category" : "product_version", "name" : "7.6.1.3", "product" : { "name" : "IBM Maximo Asset Management 7.6.1.3", "product_id" : "T034596", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:maximo_asset_management:7.6.1.3" } } } ], "category" : "product_name", "name" : "Maximo Asset Management" }, { "category" : "product_name", "name" : "IBM Rational ClearCase", "product" : { "name" : "IBM Rational ClearCase", "product_id" : "T004180", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:rational_clearcase:-" } } }, { "branches" : [ { "category" : "product_version", "name" : "9.1", "product" : { "name" : "IBM Rational ClearQuest 9.1", "product_id" : "T021438", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:rational_clearquest:9.1" } } }, { "category" : "product_version", "name" : "10", "product" : { "name" : "IBM Rational ClearQuest 10.0", "product_id" : "T027869", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:rational_clearquest:10.0" } } } ], "category" : "product_name", "name" : "Rational ClearQuest" }, { "branches" : [ { "category" : "product_version", "name" : "Key Lifecycle Manager 3.0", "product" : { "name" : "IBM Security Guardium Key Lifecycle Manager 3.0", "product_id" : "T021011", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:security_guardium:key_lifecycle_manager_3.0" } } }, { "category" : "product_version", "name" : "Key Lifecycle Manager 4.0", "product" : { "name" : "IBM Security Guardium Key Lifecycle Manager 4.0", "product_id" : "T021012", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.0" } } }, { "category" : "product_version", "name" : "Key Lifecycle Manager 3.0.1", "product" : { "name" : "IBM Security Guardium Key Lifecycle Manager 3.0.1", "product_id" : "T021013", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:security_guardium:key_lifecycle_manager_3.0.1" } } }, { "category" : "product_version", "name" : "Key Lifecycle Manager 4.1.1", "product" : { "name" : "IBM Security Guardium Key Lifecycle Manager 4.1.1", "product_id" : "T021015", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1" } } }, { "category" : "product_version", "name" : "Key Lifecycle Manager 4.1", "product" : { "name" : "IBM Security Guardium Key Lifecycle Manager 4.1", "product_id" : "T021031", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1" } } }, { "category" : "product_version", "name" : "Key Lifecycle Manager 4.2", "product" : { "name" : "IBM Security Guardium Key Lifecycle Manager 4.2", "product_id" : "T027545", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2" } } }, { "category" : "product_version", "name" : "Key Lifecycle Manager 4.2.1", "product" : { "name" : "IBM Security Guardium Key Lifecycle Manager 4.2.1", "product_id" : "T032873", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1" } } } ], "category" : "product_name", "name" : "Security Guardium" }, { "branches" : [ { "category" : "product_version", "name" : "6.3.0.7", "product" : { "name" : "IBM Tivoli Monitoring 6.3.0.7", "product_id" : "342008", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:tivoli_monitoring:6.3.0.7" } } } ], "category" : "product_name", "name" : "Tivoli Monitoring" }, { "branches" : [ { "category" : "product_version", "name" : "8.1.0", "product" : { "name" : "IBM Tivoli Netcool/OMNIbus 8.1.0", "product_id" : "700367", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0" } } } ], "category" : "product_name", "name" : "Tivoli Netcool/OMNIbus" }, { "branches" : [ { "category" : "product_version_range", "name" : "<9.0.5.20", "product" : { "name" : "IBM WebSphere Application Server <9.0.5.20", "product_id" : "T033818" } }, { "category" : "product_version", "name" : "9.0.5.20", "product" : { "name" : "IBM WebSphere Application Server 9.0.5.20", "product_id" : "T033818-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:websphere_application_server:9.0.5.20" } } }, { "category" : "product_version_range", "name" : "<8.5.5.26", "product" : { "name" : "IBM WebSphere Application Server <8.5.5.26", "product_id" : "T033819" } }, { "category" : "product_version", "name" : "8.5.5.26", "product" : { "name" : "IBM WebSphere Application Server 8.5.5.26", "product_id" : "T033819-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:websphere_application_server:8.5.5.26" } } } ], "category" : "product_name", "name" : "WebSphere Application Server" }, { "branches" : [ { "category" : "product_version", "name" : "8.5", "product" : { "name" : "IBM WebSphere Service Registry and Repository 8.5", "product_id" : "306235", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:websphere_service_registry_and_repository:8.5" } } } ], "category" : "product_name", "name" : "WebSphere Service Registry and Repository" } ], "category" : "vendor", "name" : "IBM" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2023-50313", "notes" : [ { "category" : "description", "text" : "Es besteht eine Schwachstelle in IBM WebSphere Application Server. Dieser Fehler besteht in den ausgehenden TLS-Verbindungen, da die Benutzerkonfiguration nicht beachtet wird. Ein Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." } ], "product_status" : { "known_affected" : [ "672243", "T031216", "T031777", "672244", "700367", "1055431", "T021015", "433292", "T021438", "T021031", "342008", "T021013", "T021012", "T021011", "867559", "T032873", "1268578", "389079", "428468", "389078", "1150328", "T034596", "867560", "T027869", "T029703", "T004180", "T033818", "T027545", "T033819", "306235" ] }, "release_date" : "2024-04-01T22:00:00.000+00:00", "title" : "CVE-2023-50313" } ] }