IBM WebSphere Liberty 1724 TLS Config Downgrade Vulnerability
CVE-2023-50312 Published on March 1, 2024

IBM WebSphere Application Server Liberty information disclosure
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.

Products Associated with CVE-2023-50312

Want to know whenever a new CVE is published for IBM WebSphere Application Server? stack.watch will email you.

IBM WebSphere Application Server

Affected Versions

IBM WebSphere Application Server Liberty:

Version 17.0.0.3, <= 24.0.0.2 is affected.

Exploit Probability

EPSS

0.03%

Percentile

8.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IBM WebSphere Liberty 1724 TLS Config Downgrade VulnerabilityCVE-2023-50312 Published on March 1, 2024

Vulnerability Analysis

Weakness Type

Use of a Broken or Risky Cryptographic Algorithm

Products Associated with CVE-2023-50312

Affected Versions

Exploit Probability

IBM WebSphere Liberty 1724 TLS Config Downgrade Vulnerability
CVE-2023-50312 Published on March 1, 2024