Description

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.

Related CPE's

a

ibm

websphere_application_server

2

o

hp

hp-ux

-

o

ibm

aix

-

o

ibm

i

-

o

ibm

z\/os

-

o

linux

linux_kernel

-

o

microsoft

windows

-

o

oracle

solaris

-

*

*

*

*

*

-

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/241045

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6857007

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-327

[email protected]

Secondary
CWE-327

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-26T21:17:49.503

1 year ago

Last modified

2023-11-07T03:54:07.590

8 months ago