Vulnerability Name:

CVE-2023-30441 (CCN-253188)

Assigned: 2023-04-28
Published: 2023-04-28
Updated: 2023-05-09
Summary: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2023-30441

Source: psirt@us.ibm.com
Type: VDB Entry, Vendor Advisory
psirt@us.ibm.com

Source: XF
Type: UNKNOWN
ibm-java-cve202330441-info-disc(253188)

Source: CCN
Type: IBM Security Bulletin 6985011 (Java)
CVE-2023-30441 affects IBM SDK, Java Technology Edition

Source: psirt@us.ibm.com
Type: Vendor Advisory
psirt@us.ibm.com

Source: CCN
Type: IBM Security Bulletin 6985503 (Virtualization Engine TS7700 3957-VEC)
IBM Virtualization Engine TS7700 is vulnerable to various cryptographic attacks due to use of IBM SDK Java Technology Edition, Version 8 (CVE-2023-30441)

Source: CCN
Type: IBM Security Bulletin 6986617 (WebSphere Application Server)
Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to CVE-2023-30441

Source: psirt@us.ibm.com
Type: Vendor Advisory
psirt@us.ibm.com

Source: CCN
Type: IBM Security Bulletin 6986637 (z/Transaction Processing Facility)
A vulnerability in IBM Java Runtime and in IBM Semeru Runtime affects z/Transaction Processing Facility

Source: psirt@us.ibm.com
Type: Vendor Advisory
psirt@us.ibm.com

Source: CCN
Type: IBM Security Bulletin 6987167 (InfoSphere Information Server)
A vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2023-30441)

Source: psirt@us.ibm.com
Type: Vendor Advisory
psirt@us.ibm.com

Source: CCN
Type: IBM Security Bulletin 6987815 (Business Automation Workflow)
Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Source: CCN
Type: IBM Security Bulletin 6995527 (MQ Appliance)
IBM MQ Appliance is affected by an IBM Java vulnerability (CVE-2023-30441)

Source: CCN
Type: IBM Security Bulletin 6995533 (WebSphere Service Registry and Repository)
Security Vulnerability in IBM Java SDK affects IBM WebSphere Service Registry and Repository (CVE-2023-30441)

Source: CCN
Type: IBM Security Bulletin 6995887 (AIX)
Multiple vulnerabilities in IBM Java SDK affect AIX

Source: CCN
Type: IBM Security Bulletin 6995893 (Tivoli Business Service Manager)
Vulnerability in IBM Java SDK affects IBM Tivoli Business Service Manager (CVE-2023-30441)

Source: CCN
Type: IBM Security Bulletin 6995895 (Tivoli Netcool/Impact)
Security vulnerability in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2023-30441)

Source: CCN
Type: IBM Security Bulletin 6997075 (Tivoli Monitoring)
A vulnerability in IBM Java SDK affects IBM Tivoli Monitoring for Virtual Environments Base(CVE-2023-30441)

Source: CCN
Type: IBM Security Bulletin 6997083 (Tivoli Monitoring)
A vulnerability in IBM Java SDK affects IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines (CVE-2023-30441)

Source: CCN
Type: IBM Security Bulletin 6997131 (App Connect Enterprise)
IBM App Connect Enterprise and IBM Integration Bus are affected by a vulnerability in the IBM SDK, Java Technology Edition [CVE-2023-30441]

Source: CCN
Type: IBM Security Bulletin 6997499 (i)
IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to exposing sensitive information due to flaws and configurations (CVE-2023-30441).

Source: CCN
Type: IBM Security Bulletin 6997913 (Cloud Pak System Software Suite)
Vulnerability in IBM Runtime Environment Java Version 8 affect Cloud Pak System. [CVE-2023-30441]

Source: CCN
Type: IBM Security Bulletin 6997919 (Tivoli Application Dependency Discovery Manager)
TADDM affected by multiple vulnerabilities due to IBM Java and its runtime

Source: CCN
Type: IBM Security Bulletin 6998353 (MQ)
IBM MQ is affected by a vulnerability in the IBM Runtime Environment, Java Technology Edition (CVE-2023-30441)

Source: CCN
Type: IBM Security Bulletin 6998679 (Sterling Connect:Direct Browser User Interface)
IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java

Source: CCN
Type: IBM Security Bulletin 6998681 (Sterling Connect:Direct Web Services)
IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java

Source: CCN
Type: IBM Security Bulletin 6998727 (Cloud Pak for Automation)
Security vulnerabilities are addressed with IBM Cloud Pak for Business

Source: CCN
Type: IBM Security Bulletin 6998795 (Rational Business Developer)
Vulnerabilities in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Source: CCN
Type: IBM Security Bulletin 6999555 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7006367 (Storage Protect)
IBM Storage Protect is vulnerable to exposure of sensitive information due to Java Technology Edition (CVE-2023-30441 )

Source: CCN
Type: IBM Security Bulletin 7007479 (InfoSphere Master Data Management)
Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-30441)

Source: CCN
Type: IBM Security Bulletin 7014039 (Host On-Demand)
Vulnerability in IBM Java Runtime affects Host On-Demand

Source: CCN
Type: IBM Security Bulletin 7014913 (Rational Synergy)
Multiple Vulnerabilities in Rational Synergy 7.2.2.5

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:::~~liberty~~~:*:*:*:*:*
  • AND
  • cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_business_developer:9.5:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_business_developer:9.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:12.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.1:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:8150 | P | Security update for java-1_8_0-ibm (Important) | 2023-06-13
    ibm websphere application server 8.5
    ibm websphere application server 9.0
    ibm infosphere information server 11.7
    ibm websphere application server
    ibm i 7.2
    ibm websphere service registry and repository 8.5
    ibm tivoli netcool/impact 7.1.0
    ibm rational business developer 9.5
    ibm i 7.3
    ibm aix 7.2
    ibm infosphere master data management 11.6
    ibm tivoli business service manager 6.2.0
    ibm i 7.4
    ibm vios 3.1
    ibm cloud pak for automation 19.0.3
    ibm tivoli application dependency discovery manager 7.3.0.0
    ibm rational business developer 9.6
    ibm cloud pak for automation 20.0.1
    ibm cloud pak for automation 20.0.2
    ibm business automation workflow 20.0.0.2
    ibm cloud pak for automation 20.0.3
    ibm cloud pak for automation 21.0.1
    ibm cloud pak for automation 21.0.2 -
    ibm aix 7.3
    ibm cloud pak for automation 19.0.1
    ibm business automation workflow 21.0.3
    ibm cloud pak for automation 19.0.2
    ibm cloud pak for business automation 18.0.0
    ibm cloud pak for business automation 18.0.2
    ibm cloud pak for business automation 19.0.1
    ibm cloud pak for business automation 19.0.3
    ibm cloud pak for business automation 20.0.1
    ibm cloud pak for business automation 20.0.3
    ibm cloud pak for business automation 21.0.1 -
    ibm cloud pak for business automation 21.0.2 -
    ibm cloud pak for business automation 21.0.3 -
    ibm app connect enterprise 12.0.4.0
    ibm i 7.5
    ibm business automation workflow 22.0.1 -
    ibm cloud pak for business automation 22.0.1 -
    ibm cloud pak for business automation 22.0.2 -