Main Vulnerability Database Vulnerabilities #VU86988

Use of a broken or risky cryptographic algorithm in IBM WebSphere Application Server Liberty - CVE-2023-50312

Published: March 4, 2024

Vulnerability identifier: #VU86988

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-50312

CWE-ID: CWE-327

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM WebSphere Application Server Liberty

Detailed vulnerability description

The vulnerability allows an adjacent attacker to gain access to potentially sensitive information.

The vulnerability exists due to weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. An adjacent attacker can gain unauthorized access to sensitive information on the system.

How to mitigate CVE-2023-50312

Install updates from vendor's website.

Sources

https://www.ibm.com/support/pages/node/7125527
https://exchange.xforce.ibmcloud.com/vulnerabilities/274711

Use of a broken or risky cryptographic algorithm in IBM WebSphere Application Server Liberty - CVE-2023-50312

Detailed vulnerability description

How to mitigate CVE-2023-50312

Sources

Please verify you're human