Spoofing Attacks on Trustworthy Certificates
CVE-2023-50314

7.5HIGH

Key Information:

Vendor: IBM
Status: Websphere Application Liberty
Vendor: CVE Published:; 14 August 2024

Summary

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.8 contain a vulnerability that may permit an attacker with network access to conduct spoofing attacks. By utilizing a certificate issued by a trusted authority, the attacker can compromise sensitive information, posing significant risks to the application's integrity and confidentiality.

Affected Version(s)

WebSphere Application Liberty 17.0.0.3 <= 24.0.0.8

References

https://www.ibm.com/support/pages/node/7165502

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/274713

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Dec 7, 2023