IBM WAS 8.5/9.0 TLS Config Failure Weak Outbound Security
CVE-2023-50313 Published on April 2, 2024

IBM WebSphere Application Server information disclosure
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.

Products Associated with CVE-2023-50313

Want to know whenever a new CVE is published for IBM WebSphere Application Server? stack.watch will email you.

IBM WebSphere Application Server

Affected Versions

IBM WebSphere Application Server Version 8.5, 9.0 is affected by CVE-2023-50313

Exploit Probability

EPSS

0.02%

Percentile

4.96%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IBM WAS 8.5/9.0 TLS Config Failure Weak Outbound SecurityCVE-2023-50313 Published on April 2, 2024

Vulnerability Analysis

Weakness Type

Use of a Broken or Risky Cryptographic Algorithm

Products Associated with CVE-2023-50313

Affected Versions

Exploit Probability

IBM WAS 8.5/9.0 TLS Config Failure Weak Outbound Security
CVE-2023-50313 Published on April 2, 2024