#VU82350 Resource management error in IBM WebSphere Application Server Liberty


Published: 2023-10-24

Vulnerability identifier: #VU82350

Vulnerability risk: Medium

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46158

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM WebSphere Application Server Liberty
Server applications / Application servers

Vendor: IBM Corporation

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper resource expiration handling. A remote attacker can bypass implemented security restrictions.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM WebSphere Application Server Liberty: 23.0.0.9 - 23.0.0.10

External links
http://www.ibm.com/support/pages/node/7058356

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Resource management error in IBM Match 360
Resource management error in IBM Sterling B2B Integrator
Multiple vulnerabilities in IBM Storage Scale System
Multiple vulnerabilities in IBM InfoSphere Identity Insight
Multiple vulnerabilities in IBM Security Verify Directory
Resource exhaustion in IBM Maximo Application Suite - Predict Component
Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management
Multiple vulnerabilities in IBM Common Licensing
Multiple vulnerabilities in IBM Operational Decision Manager
Resource management error in IBM CICS Transaction Gateway Desktop Edition and for Multiplatforms