CVE-2023-35890

Опубликовано: 07 июл. 2023

Источник: nvd

CVSS3: 5.1

CVSS3: 5.5

EPSS Низкий

Описание

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.

Ссылки

https://https://www.ibm.com/support/pages/node/7007857
Broken Link
https://www.ibm.com/support/pages/node/7007857
Vendor Advisory
https://https://www.ibm.com/support/pages/node/7007857
Broken Link
https://www.ibm.com/support/pages/node/7007857
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_application_server:8.5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:9.0.5.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:9.0.5.16:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00011

Низкий

5.1 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-327

Связанные уязвимости

GHSA-9jmh-rhgv-38vc

CVSS3: 5.1

github

больше 2 лет назад

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.

EPSS

Процентиль: 1%

0.00011

Низкий

5.1 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-327