Home » IBM WebSphere Application Server is weak: Vulnerability may enable info disclosure

IBM WebSphere Application Server is weak: Vulnerability may enable info disclosure

by admin
IBM WebSphere Application Server is weak: Vulnerability may enable info disclosure

An IT safety alert replace for a identified vulnerability has been issued for IBM WebSphere Application Server. You can learn how affected customers ought to behave right here.

Federal workplace for Security in Information Technology (BSI) revealed an replace on June 2, 2024 for a safety vulnerability in IBM WebSphere Application Server identified on February 28, 2024. The safety vulnerability impacts the working techniques Linux, MacOS X, UNIX and Windows and IBM Business Automation Workflow merchandise, IBM WebSphere Application Server and IBM Storage Scale.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: IBM Security Bulletin 7156267 (As of June 3, 2024). Some helpful hyperlinks are listed later on this article.

IBM WebSphere Application Server Security Advisory – Risk: Moderate

Risk stage: 2 (average)
CVSS Base Score: 5.3
CVSS provisional rating: 4,6
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in laptop techniques. The CVSS customary makes it potential to match potential or precise safety dangers based mostly on numerous standards to be able to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporal scores additionally take into consideration modifications over time within the threat scenario. The severity of the present vulnerability is assessed as “average” based on the CVSS with a base rating of 5.3.

See also  iPhone Practical Skills Tutorial 3 Secret Techniques To Prevent Cell Phone Surveillance - ezone.hk - Tutorial Review - Secret Techniques App

IBM WebSphere Application Server Bug: Vulnerability may enable info disclosure

IBM WebSphere Application Server is a J2EE utility server.

An unknown attacker may exploit a vulnerability in an IBM WebSphere utility server to reveal info.

Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) serial quantity. CVE-2023-50312 on the market.

Systems affected by the safety hole at a look

Operating techniques
Linux, MacOS X, UNIX, Windows

Products
IBM Business Automation Workflow (cpe:/a:ibm:business_automation_workflow)
IBM WebSphere Application Server IBM Storage Scale 5.1.0.0-5.1.9.2 (cpe:/a:ibm:spectrum_scale)

General suggestions for coping with IT vulnerabilities

  1. Users of affected techniques ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
  2. For info, see the sources listed within the subsequent part. This usually accommodates extra details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
  3. If you will have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to test each time a producing firm makes a brand new safety replace obtainable.

Sources for updates, patches and workarounds

Here you will see that some hyperlinks with details about bug experiences, safety fixes and workarounds.

IBM Security Bulletin 7156267 vom 2024-06-03 (02.06.2024)
For extra info, see:

IBM Security Bulletin 7149708 vom 2024-04-29 (28.04.2024)
For extra info, see:

IBM Security Bulletin vom 2024-02-28 (28.02.2024)
For extra info, see:

Version historical past of this safety alert

This is the third model of this IBM WebSphere Application Server IT safety advisory. If additional updates are introduced, this doc will probably be up to date. You can examine modifications or additions on this model historical past.

See also  Conduct and record video interviews

02/28/2024 – First model
April 28, 2024 – Added new updates from IBM
June 2, 2024 – New updates from IBM added

+++ Editorial word: This doc is predicated on present BSI information and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that scorching information, present movies and a direct line to the editorial crew.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy