#VU86988 Use of a broken or risky cryptographic algorithm in IBM WebSphere Application Server Liberty


Published: 2024-03-04

Vulnerability identifier: #VU86988

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-50312

CWE-ID: CWE-327

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
IBM WebSphere Application Server Liberty
Server applications / Application servers

Vendor:

Description

The vulnerability allows an adjacent attacker to gain access to potentially sensitive information.

The vulnerability exists due to weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. An adjacent attacker can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://www.ibm.com/support/pages/node/7125527
http://exchange.xforce.ibmcloud.com/vulnerabilities/274711

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM TXSeries for Multiplatforms
Multiple vulnerabilities in IBM CICS TX Advanced
Multiple vulnerabilities in IBM CICS TX Standard
Multiple vulnerabilities in IBM Cloud Pak for Business Automation
Use of a broken or risky cryptographic algorithm in IBM Voice Gateway
Use of a broken or risky cryptographic algorithm in IBM Storage Scale
Use of a broken or risky cryptographic algorithm in IBM PowerVM Novalink
Multiple vulnerabilities in IBM InfoSphere Identity Insight
Multiple vulnerabilities in IBM Operations Analytics Predictive Insights
Use of a broken or risky cryptographic algorithm in IBM Engineering Lifecycle Engineering