API Security Blog

Security Bulletin: Multiple vulnerabilities in IBM Liberty for Java for IBM Cloud

Summary

There are vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether this vulnerability is applicable to your code.

There are also multiple vulnerabilities in the IBM WebSphere Application Server Liberty that is shipped with IBM Liberty for Java for IBM Cloud:

- IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled.
- IBM WebSphere Application Server Liberty could provide weaker than expected security with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature enabled.
- There is a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled.

Vulnerability Details

**CVEID:** CVE-2023-44483

**DESCRIPTION:** Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the log files when using the JSR 105 API. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the private key information, and use this information to launch further attacks against the…
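To triage a server against the feature conditions listed in the summary above, the following added example (not part of the bulletin and not IBM code) reads the `featureManager` entries of a Liberty `server.xml` and reports which of the three issues have a matching feature enabled. The sample configuration, the function names and the issue keys are constructed for illustration; HTTP/2 state, included configuration files and features enabled indirectly by other features are not evaluated.

```python
import xml.etree.ElementTree as ET

# Feature lists copied from the bulletin summary, lower-cased for comparison.
# The keys are labels made up for this example, not IBM identifiers.
BULLETIN_FEATURES = {
    # Applies only when HTTP/2 is enabled; that is not checked here.
    "http2_dos": {"servlet-3.1", "servlet-4.0", "servlet-5.0", "servlet-6.0"},
    "appsecurity_weak": {"appsecurity-1.0", "appsecurity-2.0", "appsecurity-3.0",
                         "appsecurity-4.0", "appsecurity-5.0"},
    # CVE-2023-44483: Apache Santuario private key written to log files.
    "santuario_key_in_log": {"wssecurity-1.1", "wssecuritysaml-1.1", "samlweb-2.0"},
}

# Constructed sample server.xml, not taken from any real deployment.
SAMPLE_SERVER_XML = """
<server description="constructed sample">
  <featureManager>
    <feature>servlet-4.0</feature>
    <feature> appSecurity-3.0 </feature>
    <feature>jsonp-1.1</feature>
  </featureManager>
</server>
"""

def enabled_features(server_xml):
    """Return the lower-cased feature names declared under <featureManager>."""
    root = ET.fromstring(server_xml)
    names = set()
    for node in root.iterfind("featureManager/feature"):
        if node.text and node.text.strip():
            names.add(node.text.strip().lower())
    return names

def bulletin_exposure(server_xml):
    """Map each bulletin issue to the enabled features that match it."""
    enabled = enabled_features(server_xml)
    return {issue: sorted(enabled & affected)
            for issue, affected in BULLETIN_FEATURES.items()
            if enabled & affected}

if __name__ == "__main__":
    for issue, features in bulletin_exposure(SAMPLE_SERVER_XML).items():
        print(f"{issue}: {', '.join(features)}")
```

An empty result only means none of the listed features is declared directly in the file that was parsed.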
