5.9

CVE-2023-50315

EPSS 0.15%
Veröffentlicht 14.08.2024 17:15:14
Zuletzt bearbeitet 11.09.2024 13:38:26
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks.  An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information.  IBM X-Force ID:  274714.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Websphere Application Server Version8.5.0.0

Ibm ≫ Websphere Application Server Version9.0.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.352

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@us.ibm.com	5.3	1.6	3.6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://exchange.xforce.ibmcloud.com/vulnerabilities/274714

Vendor Advisory

https://www.ibm.com/support/pages/node/7165511

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-50315

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50315

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50315

EUVD