Summary An issue was identified with IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713. CWE:CWE-295: Improper Certificate Validation CVSS Source: IBM X-Force CVSS Base score: 5.3 CVSS Vector:(CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) Affected Products and Versions Affected Product(s) | Version(s) —|— IBM MQ | 9.1 LTS IBM MQ | 9.2 LTS IBM MQ | 9.3 LTS IBM MQ | 9.4 LTS IBM MQ | 9.3 CD IBM MQ | 9.4 CD The following installable MQ components are affected by the vulnerability: – REST API and Console If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins Remediation/Fixes This issue was addressed under APAR IT46890 IBM MQ version 9.1 LTS Apply cumulative security update 9.1.0.24 IBM MQ version 9.2 LTS Apply cumulative security update 9.2.0.28 IBM MQ version 9.3 LTS Apply fix pack 9.3.0.25 IBM MQ version 9.4 LTS Apply…Read More