cvelistv5 - CVE-2023-23477

CVE-2023-23477 (GCVE-0-2023-23477)

Vulnerability from cvelistv5

Published

2023-02-03 17:24

Modified

2025-03-25 19:46

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Summary

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.

References

URL

Tags

psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/245513	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6891111	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/245513	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6891111	Vendor Advisory

Impacted products

	Vendor	Product	Version
	IBM	WebSphere Application Server	Version: 8.5, 9.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:35:32.204Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6891111"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245513"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23477",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-25T19:46:27.679211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T19:46:39.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WebSphere Application Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.5, 9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.  IBM X-Force ID:  245513."
            }
          ],
          "value": "IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.  IBM X-Force ID:  245513."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-03T17:24:13.649Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/6891111"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245513"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM WebSphere Application Server code execution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-23477",
    "datePublished": "2023-02-03T17:24:13.649Z",
    "dateReserved": "2023-01-12T16:24:46.604Z",
    "dateUpdated": "2025-03-25T19:46:39.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23477\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2023-02-03T19:15:13.927\",\"lastModified\":\"2024-11-21T07:46:16.563\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.  IBM X-Force ID:  245513.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30E8CE2-9137-4669-AE86-FB8ED0899736\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4F6F77C-2C0D-4A31-B2A0-DB1C4296FF5E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F480AA32-841A-4E68-9343-B2E7548B0A0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E492C463-D76E-49B7-A4D4-3B499E422D89\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C684FC45-C9BA-4EF0-BD06-BB289450DD21\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:z\\\\/os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E97A964-6F9E-4C87-9B90-21AE2C1DF52F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91F372EA-3A78-4703-A457-751B2C98D796\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/245513\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6891111\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/245513\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6891111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"WebSphere Application Server\", \"vendor\": \"IBM\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.5, 9.0\"}]}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.  IBM X-Force ID:  245513.\"}], \"value\": \"IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.  IBM X-Force ID:  245513.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2023-02-03T17:24:13.649Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://www.ibm.com/support/pages/node/6891111\"}, {\"tags\": [\"vdb-entry\"], \"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/245513\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"IBM WebSphere Application Server code execution\", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:35:32.204Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"vendor-advisory\", \"x_transferred\"], \"url\": \"https://www.ibm.com/support/pages/node/6891111\"}, {\"tags\": [\"vdb-entry\", \"x_transferred\"], \"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/245513\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23477\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-25T19:46:27.679211Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-25T19:46:31.381Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-23477\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"ibm\", \"dateReserved\": \"2023-01-12T16:24:46.604Z\", \"datePublished\": \"2023-02-03T17:24:13.649Z\", \"dateUpdated\": \"2025-03-25T19:46:39.725Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0076

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling Secure Proxy version 6.0.3 sans le correctif de sécurité iFix06
IBM	Sterling	IBM Sterling External Authentication Server version 6.1.0 sans le correctif de sécurité iFix02
IBM	Sterling	IBM Sterling External Authentication Server version 6.0.3 sans le correctif de sécurité iFix06
IBM	WebSphere	IBM WebSphere Application Server versions 8.5.x antérieures à 8.5.5.20
IBM	WebSphere	IBM WebSphere Application Server versions 9.0.x antérieures à 9.0.5.8

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6890669 du 31 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6890665 du 31 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6890663 du 31 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6891111 du 31 janvier 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Secure Proxy version 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix06",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling External Authentication Server version 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix02",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling External Authentication Server version 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix06",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.20",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.8",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-31772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31772"
    },
    {
      "name": "CVE-2021-33502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
    },
    {
      "name": "CVE-2022-34362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34362"
    },
    {
      "name": "CVE-2023-23477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23477"
    },
    {
      "name": "CVE-2022-35720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35720"
    },
    {
      "name": "CVE-2022-23437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
    }
  ],
  "initial_release_date": "2023-02-01T00:00:00",
  "last_revision_date": "2023-02-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0076",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6890669 du 31 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6890669"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6890665 du 31 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6890665"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6890663 du 31 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6890663"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6891111 du 31 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6891111"
    }
  ]
}

CERTFR-2023-AVI-0086

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	WebSphere	IBM WebSphere Remote Server versions 9.0 et 8.5 sans le dernier correctif de sécurité
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct File Agent versions 1.4.0.x antérieures à 1.4.0.2_iFix034
IBM	N/A	IBM Sterling Connect:Direct File Agent versions 1.4.0.0 à 1.4.0.2_iFix025 antérieures à 1.4.0.2_iFix026 sur AIX, Linux, Solaris et Windows
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct File Agent versions 1.4.0.0 à 1.4.0.2_iFix025 antérieures à 1.4.0.2_iFix036 sur HP-UX
IBM	Spectrum	IBM Spectrum Protect Plus File Systems Agent versions 10.1.6.x à 10.1.13.x antérieures à 10.1.13.1
IBM	Sterling	IBM Sterling B2B Integrator versions 6.x antérieures à 6.1.2.1
IBM	WebSphere	IBM WebSphere Application Server versions 1.0.0.0 à 1.0.0.7 et 2.2.0.0 à 2.3.3.5 sans le correctif de sécurité temporaire 1.0.0.0-WS-WASPATTERNS-JDK-2210

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6909455 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909465 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909477 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6857265 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909983 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6597193 du 02 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6912697 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909481 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6597191 du 02 février 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM WebSphere Remote Server versions 9.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.2_iFix034",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct File Agent versions 1.4.0.0 \u00e0 1.4.0.2_iFix025 ant\u00e9rieures \u00e0 1.4.0.2_iFix026 sur AIX, Linux, Solaris et Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct File Agent versions 1.4.0.0 \u00e0 1.4.0.2_iFix025 ant\u00e9rieures \u00e0 1.4.0.2_iFix036 sur HP-UX",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.6.x \u00e0 10.1.13.x ant\u00e9rieures \u00e0 10.1.13.1",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.x ant\u00e9rieures \u00e0 6.1.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server versions 1.0.0.0 \u00e0 1.0.0.7 et 2.2.0.0 \u00e0 2.3.3.5 sans le correctif de s\u00e9curit\u00e9 temporaire 1.0.0.0-WS-WASPATTERNS-JDK-2210",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-35550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2022-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2022-43869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43869"
    },
    {
      "name": "CVE-2021-35603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
    },
    {
      "name": "CVE-2021-37137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
    },
    {
      "name": "CVE-2023-23477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23477"
    },
    {
      "name": "CVE-2022-21628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
    },
    {
      "name": "CVE-2021-37136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
    },
    {
      "name": "CVE-2022-3676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3676"
    },
    {
      "name": "CVE-2022-21619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
    },
    {
      "name": "CVE-2022-23491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
    }
  ],
  "initial_release_date": "2023-02-02T00:00:00",
  "last_revision_date": "2023-02-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0086",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909455 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909465 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909477 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6857265 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909983 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6597193 du 02 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6912697 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909481 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6597191 du 02 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    }
  ]
}

CERTFR-2023-AVI-0128

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling B2B Integrator versions 6.0.0.0 à 6.0.3.7 antérieures à 6.0.3.8
IBM	N/A	IBM Connect Direct Web Services versions 6.0 antérieures à 6.0.0.13
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Browser User Interface versions antérieures à 1.5.0.2 sans le correctif de sécurité iFix-34
IBM	N/A	IBM Connect Direct Web Services versions 6.1.0 antérieures à 6.1.0.17
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Browser User Interface versions antérieures à 1.4.1.1 sans le correctif de sécurité iFix-34
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.2.0 antérieures à 6.2.0.13
IBM	Sterling	IBM Sterling B2B Integrator versions 6.1.0.0 à 6.1.2.0 antérieures à 6.1.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6955779 du 15 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6955547 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6955777 du 15 février 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling B2B Integrator versions 6.0.0.0 \u00e0 6.0.3.7 ant\u00e9rieures \u00e0 6.0.3.8",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Connect Direct Web Services versions 6.0 ant\u00e9rieures \u00e0 6.0.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct Browser User Interface versions ant\u00e9rieures \u00e0 1.5.0.2 sans le correctif de s\u00e9curit\u00e9 iFix-34",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Connect Direct Web Services versions 6.1.0 ant\u00e9rieures \u00e0 6.1.0.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct Browser User Interface versions ant\u00e9rieures \u00e0 1.4.1.1 sans le correctif de s\u00e9curit\u00e9 iFix-34",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct Web Services versions 6.2.0 ant\u00e9rieures \u00e0 6.2.0.13",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.1.0.0 \u00e0 6.1.2.0 ant\u00e9rieures \u00e0 6.1.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
    },
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2023-23477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23477"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2022-21628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2022-21619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
    }
  ],
  "initial_release_date": "2023-02-15T00:00:00",
  "last_revision_date": "2023-02-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0128",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6955779 du 15 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6955779"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6955547 du 14 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6955547"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6955777 du 15 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6955777"
    }
  ]
}

CERTFR-2023-AVI-0116

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS) et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct for UNIX versions 6.0.x antérieures à 6.0.0.2.iFix145
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct for UNIX versions 6.2.x antérieures à 6.2.0.5.iFix021
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct for UNIX versions 4.3.x antérieures à 4.3.0.1.iFix109
IBM	Sterling	IBM Sterling B2B Integrator version 6.1.0.0 à 6.1.2.0 antérieures à 6.1.2.1
IBM	Sterling	IBM Sterling B2B Integrator version 6.0.0.0 à 6.0.3.7 antérieures à 6.0.3.8
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct for UNIX versions 6.1.x antérieures à 6.1.0.4.iFix077

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6954763 du 10 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954453 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954767 du 10 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954771 du 10 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954469 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954765 du 10 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954471 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954727 du 10 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954467 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954465 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM du 10 février 2023	-	other
Bulletin de sécurité IBM du 10 février 2023	-	other
Bulletin de sécurité IBM du 10 février 2023	-	other
Bulletin de sécurité IBM du 10 février 2023	-	other
Bulletin de sécurité IBM du 09 février 2023	-	other
Bulletin de sécurité IBM du 09 février 2023	-	other
Bulletin de sécurité IBM du 09 février 2023	-	other
Bulletin de sécurité IBM du 09 février 2023	-	other
Bulletin de sécurité IBM du 09 février 2023	-	other
Bulletin de sécurité IBM du 10 février 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Connect:Direct for UNIX versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix145",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct for UNIX versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.5.iFix021",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct for UNIX versions 4.3.x ant\u00e9rieures \u00e0 4.3.0.1.iFix109",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator version 6.1.0.0 \u00e0 6.1.2.0 ant\u00e9rieures \u00e0 6.1.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator version 6.0.0.0 \u00e0 6.0.3.7 ant\u00e9rieures \u00e0 6.0.3.8",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct for UNIX versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.4.iFix077",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-38875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38875"
    },
    {
      "name": "CVE-2022-31772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31772"
    },
    {
      "name": "CVE-2019-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4378"
    },
    {
      "name": "CVE-2019-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4465"
    },
    {
      "name": "CVE-2020-4320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4320"
    },
    {
      "name": "CVE-2019-4049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4049"
    },
    {
      "name": "CVE-2019-4277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4277"
    },
    {
      "name": "CVE-2021-38949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38949"
    },
    {
      "name": "CVE-2020-4319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4319"
    },
    {
      "name": "CVE-2019-4055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4055"
    },
    {
      "name": "CVE-2022-40231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40231"
    },
    {
      "name": "CVE-2020-4682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4682"
    },
    {
      "name": "CVE-2022-40232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40232"
    },
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2020-4375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4375"
    },
    {
      "name": "CVE-2020-4267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4267"
    },
    {
      "name": "CVE-2023-23477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23477"
    },
    {
      "name": "CVE-2019-4614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4614"
    },
    {
      "name": "CVE-2019-4762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4762"
    },
    {
      "name": "CVE-2021-29843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29843"
    },
    {
      "name": "CVE-2019-4655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4655"
    },
    {
      "name": "CVE-2020-4338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4338"
    },
    {
      "name": "CVE-2019-4656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4656"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2019-12415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
    },
    {
      "name": "CVE-2022-22970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22970"
    },
    {
      "name": "CVE-2022-31159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
    },
    {
      "name": "CVE-2019-4560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4560"
    },
    {
      "name": "CVE-2022-43579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43579"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2019-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4619"
    },
    {
      "name": "CVE-2019-4261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4261"
    },
    {
      "name": "CVE-2019-4719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4719"
    },
    {
      "name": "CVE-2022-34165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
    },
    {
      "name": "CVE-2020-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4465"
    }
  ],
  "initial_release_date": "2023-02-13T00:00:00",
  "last_revision_date": "2023-02-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954767"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954771"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954763"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954765"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954465"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954471"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954453"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954469"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954467"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954727"
    }
  ],
  "reference": "CERTFR-2023-AVI-0116",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une injection de code\nindirecte \u00e0 distance (XSS) et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954763 du 10 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954453 du 09 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954767 du 10 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954771 du 10 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954469 du 09 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954765 du 10 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954471 du 09 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954727 du 10 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954467 du 09 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954465 du 09 f\u00e9vrier 2023",
      "url": null
    }
  ]
}

fkie_cve-2023-23477

Vulnerability from fkie_nvd

Published

2023-02-03 19:15

Modified

2024-11-21 07:46

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/245513	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6891111	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/245513	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6891111	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	websphere_application_server	8.5
ibm	websphere_application_server	9.0
hp	hp-ux	-
ibm	aix	-
ibm	i	-
ibm	z\/os	-
linux	linux_kernel	-
microsoft	windows	-
oracle	solaris	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30E8CE2-9137-4669-AE86-FB8ED0899736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F6F77C-2C0D-4A31-B2A0-DB1C4296FF5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E97A964-6F9E-4C87-9B90-21AE2C1DF52F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.  IBM X-Force ID:  245513."
    }
  ],
  "id": "CVE-2023-23477",
  "lastModified": "2024-11-21T07:46:16.563",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-03T19:15:13.927",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245513"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6891111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6891111"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

ghsa-34mr-cvr4-m435

Vulnerability from github

Published

2023-02-03 21:30

Modified

2023-02-10 06:30

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-23477"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-03T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.",
  "id": "GHSA-34mr-cvr4-m435",
  "modified": "2023-02-10T06:30:41Z",
  "published": "2023-02-03T21:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23477"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245513"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6891111"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

wid-sec-w-2023-0237

Vulnerability from csaf_certbund

Published

2023-01-31 23:00

Modified

2023-06-05 22:00

Summary

IBM WebSphere Application Server: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM WebSphere Application Server ist ein J2EE-Applikationsserver. Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support für Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Application Server und IBM Maximo Asset Management ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.\r\nMaximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support f\u00fcr Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Application Server und IBM Maximo Asset Management ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0237 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0237.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0237 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0237"
      },
      {
        "category": "external",
        "summary": "HCL Article KB0104902 vom 2023-06-05",
        "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104902"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6965702 vom 2023-03-23",
        "url": "https://www.ibm.com/support/pages/node/6965702"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6958458 vom 2023-02-27",
        "url": "https://www.ibm.com/support/pages/node/6958458"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6958675 vom 2023-02-28",
        "url": "https://www.ibm.com/support/pages/node/6958675"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 6891111 vom 2023-01-31",
        "url": "https://www.ibm.com/support/pages/node/6891111"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 6891159 vom 2023-01-31",
        "url": "https://www.ibm.com/support/pages/node/6891159"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6953483 vom 2023-02-07",
        "url": "https://www.ibm.com/support/pages/node/6953483"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6953461 vom 2023-02-06",
        "url": "https://www.ibm.com/support/pages/node/6953461"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6953497 vom 2023-02-07",
        "url": "https://www.ibm.com/support/pages/node/6953497"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6954723 vom 2023-02-13",
        "url": "https://www.ibm.com/support/pages/node/6954723"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6955547 vom 2023-02-14",
        "url": "https://www.ibm.com/support/pages/node/6955547"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM WebSphere Application Server: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2023-06-05T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:42:47.821+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0237",
      "initial_release_date": "2023-01-31T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-01-31T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-02-06T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-02-12T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-02-14T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-02-27T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-03-22T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-06-05T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von HCL aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T019704",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Maximo Asset Management 7.6.1",
            "product": {
              "name": "IBM Maximo Asset Management 7.6.1",
              "product_id": "389168",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM Rational ClearCase 9.0.2",
                "product": {
                  "name": "IBM Rational ClearCase 9.0.2",
                  "product_id": "T021422",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:9.0.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Rational ClearCase 9.1",
                "product": {
                  "name": "IBM Rational ClearCase 9.1",
                  "product_id": "T021423",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:9.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Rational ClearCase 10.0.0",
                "product": {
                  "name": "IBM Rational ClearCase 10.0.0",
                  "product_id": "T026520",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:10.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational ClearCase"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.1",
                "product": {
                  "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.1",
                  "product_id": "T005246",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2",
                "product": {
                  "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2",
                  "product_id": "T007073",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.0",
                "product": {
                  "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.0",
                  "product_id": "T018400",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Access Manager for Enterprise Single Sign-On"
          },
          {
            "category": "product_name",
            "name": "IBM Security Identity Manager",
            "product": {
              "name": "IBM Security Identity Manager",
              "product_id": "T023840",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:security_identity_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Key Lifecycle Manager",
            "product": {
              "name": "IBM Tivoli Key Lifecycle Manager",
              "product_id": "T026238",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Netcool/OMNIbus",
            "product": {
              "name": "IBM Tivoli Netcool/OMNIbus",
              "product_id": "T004181",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM WebSphere Application Server 8.5",
                "product": {
                  "name": "IBM WebSphere Application Server 8.5",
                  "product_id": "703851",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:8.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM WebSphere Application Server 9.0",
                "product": {
                  "name": "IBM WebSphere Application Server 9.0",
                  "product_id": "703852",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:9.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Application Server"
          },
          {
            "category": "product_name",
            "name": "IBM WebSphere Service Registry and Repository",
            "product": {
              "name": "IBM WebSphere Service Registry and Repository",
              "product_id": "131492",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:6.0.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23477",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in IBM WebSphere Application Server. Es besteht eine Verwundbarkeit gegen\u00fcber einem Angriff mit einer Sequenz mit speziell angefertigten serialisierten Objekten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005246",
          "389168",
          "703851",
          "703852",
          "T018400",
          "T021423",
          "T021422",
          "T019704",
          "T004181",
          "T026238",
          "T007073",
          "T023840",
          "131492",
          "T026520"
        ]
      },
      "release_date": "2023-01-31T23:00:00.000+00:00",
      "title": "CVE-2023-23477"
    }
  ]
}

WID-SEC-W-2023-0237

Vulnerability from csaf_certbund

Published

2023-01-31 23:00

Modified

2023-06-05 22:00

Summary

IBM WebSphere Application Server: Schwachstelle ermöglicht Codeausführung

Notes

Produktbeschreibung

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Application Server und IBM Maximo Asset Management ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.\r\nMaximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support f\u00fcr Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Application Server und IBM Maximo Asset Management ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0237 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0237.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0237 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0237"
      },
      {
        "category": "external",
        "summary": "HCL Article KB0104902 vom 2023-06-05",
        "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104902"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6965702 vom 2023-03-23",
        "url": "https://www.ibm.com/support/pages/node/6965702"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6958458 vom 2023-02-27",
        "url": "https://www.ibm.com/support/pages/node/6958458"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6958675 vom 2023-02-28",
        "url": "https://www.ibm.com/support/pages/node/6958675"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 6891111 vom 2023-01-31",
        "url": "https://www.ibm.com/support/pages/node/6891111"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 6891159 vom 2023-01-31",
        "url": "https://www.ibm.com/support/pages/node/6891159"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6953483 vom 2023-02-07",
        "url": "https://www.ibm.com/support/pages/node/6953483"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6953461 vom 2023-02-06",
        "url": "https://www.ibm.com/support/pages/node/6953461"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6953497 vom 2023-02-07",
        "url": "https://www.ibm.com/support/pages/node/6953497"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6954723 vom 2023-02-13",
        "url": "https://www.ibm.com/support/pages/node/6954723"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6955547 vom 2023-02-14",
        "url": "https://www.ibm.com/support/pages/node/6955547"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM WebSphere Application Server: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2023-06-05T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:42:47.821+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0237",
      "initial_release_date": "2023-01-31T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-01-31T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-02-06T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-02-12T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-02-14T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-02-27T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-03-22T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-06-05T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von HCL aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T019704",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Maximo Asset Management 7.6.1",
            "product": {
              "name": "IBM Maximo Asset Management 7.6.1",
              "product_id": "389168",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM Rational ClearCase 9.0.2",
                "product": {
                  "name": "IBM Rational ClearCase 9.0.2",
                  "product_id": "T021422",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:9.0.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Rational ClearCase 9.1",
                "product": {
                  "name": "IBM Rational ClearCase 9.1",
                  "product_id": "T021423",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:9.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Rational ClearCase 10.0.0",
                "product": {
                  "name": "IBM Rational ClearCase 10.0.0",
                  "product_id": "T026520",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:10.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational ClearCase"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.1",
                "product": {
                  "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.1",
                  "product_id": "T005246",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2",
                "product": {
                  "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2",
                  "product_id": "T007073",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.0",
                "product": {
                  "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.0",
                  "product_id": "T018400",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Access Manager for Enterprise Single Sign-On"
          },
          {
            "category": "product_name",
            "name": "IBM Security Identity Manager",
            "product": {
              "name": "IBM Security Identity Manager",
              "product_id": "T023840",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:security_identity_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Key Lifecycle Manager",
            "product": {
              "name": "IBM Tivoli Key Lifecycle Manager",
              "product_id": "T026238",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Netcool/OMNIbus",
            "product": {
              "name": "IBM Tivoli Netcool/OMNIbus",
              "product_id": "T004181",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM WebSphere Application Server 8.5",
                "product": {
                  "name": "IBM WebSphere Application Server 8.5",
                  "product_id": "703851",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:8.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM WebSphere Application Server 9.0",
                "product": {
                  "name": "IBM WebSphere Application Server 9.0",
                  "product_id": "703852",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:9.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Application Server"
          },
          {
            "category": "product_name",
            "name": "IBM WebSphere Service Registry and Repository",
            "product": {
              "name": "IBM WebSphere Service Registry and Repository",
              "product_id": "131492",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:6.0.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23477",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in IBM WebSphere Application Server. Es besteht eine Verwundbarkeit gegen\u00fcber einem Angriff mit einer Sequenz mit speziell angefertigten serialisierten Objekten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005246",
          "389168",
          "703851",
          "703852",
          "T018400",
          "T021423",
          "T021422",
          "T019704",
          "T004181",
          "T026238",
          "T007073",
          "T023840",
          "131492",
          "T026520"
        ]
      },
      "release_date": "2023-01-31T23:00:00.000+00:00",
      "title": "CVE-2023-23477"
    }
  ]
}

cnvd-2023-07975

Vulnerability from cnvd

Title

IBM WebSphere Application Server代码注入漏洞

Description

IBM WebSphere Application Server（WAS）是美国国际商业机器（IBM）公司的一款应用服务器产品。该产品是JavaEE和Web服务应用程序的平台，也是IBMWebSphere软件平台的基础。 IBM WebSphere Application Server存在代码注入漏洞。攻击者利用该漏洞在系统上使用特制的序列化对象序列执行任意代码。

Severity

高

Patch Name

IBM WebSphere Application Server代码注入漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/6891111

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-23477

Impacted products

Name
['IBM WebSphere Application Server 8.5', 'IBM WebSphere Application Server 9.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-23477"
    }
  },
  "description": "IBM WebSphere Application Server\uff08WAS\uff09\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5e94\u7528\u670d\u52a1\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u662fJavaEE\u548cWeb\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u7684\u5e73\u53f0\uff0c\u4e5f\u662fIBMWebSphere\u8f6f\u4ef6\u5e73\u53f0\u7684\u57fa\u7840\u3002\n\nIBM WebSphere Application Server\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u4f7f\u7528\u7279\u5236\u7684\u5e8f\u5217\u5316\u5bf9\u8c61\u5e8f\u5217\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/6891111",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-07975",
  "openTime": "2023-02-10",
  "patchDescription": "IBM WebSphere Application Server\uff08WAS\uff09\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5e94\u7528\u670d\u52a1\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u662fJavaEE\u548cWeb\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u7684\u5e73\u53f0\uff0c\u4e5f\u662fIBMWebSphere\u8f6f\u4ef6\u5e73\u53f0\u7684\u57fa\u7840\u3002\r\n\r\nIBM WebSphere Application Server\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u4f7f\u7528\u7279\u5236\u7684\u5e8f\u5217\u5316\u5bf9\u8c61\u5e8f\u5217\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM WebSphere Application Server\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM WebSphere Application Server 8.5",
      "IBM WebSphere Application Server 9.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-23477",
  "serverity": "\u9ad8",
  "submitTime": "2023-02-09",
  "title": "IBM WebSphere Application Server\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

gsd-2023-23477

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-23477

Aliases

CVE-2023-23477

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-23477",
    "id": "GSD-2023-23477"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-23477"
      ],
      "details": "IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.",
      "id": "GSD-2023-23477",
      "modified": "2023-12-13T01:20:50.142202Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2023-23477",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WebSphere Application Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "8.5, 9.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-94",
                "lang": "eng",
                "value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/pages/node/6891111",
            "refsource": "MISC",
            "url": "https://www.ibm.com/support/pages/node/6891111"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245513",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245513"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2023-23477"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6891111",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6891111"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245513",
              "refsource": "MISC",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245513"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-10T04:54Z",
      "publishedDate": "2023-02-03T19:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-23477 (GCVE-0-2023-23477)

Vulnerability from cvelistv5

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from fkie_nvd

Vulnerability from github

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from cnvd

Vulnerability from gsd

Tags

Sightings

Nomenclature