CVE-2023-50312 – IBM WebSphere Application Server Liberty information disclosure
https://notcve.org/view.php?id=CVE-2023-50312
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711. IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.2 podría proporcionar una seguridad más débil de lo esperado para las conexiones TLS salientes causadas por una falla al respetar la configuración del usuario. ID de IBM X-Force: 274711. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274711 https://www.ibm.com/support/pages/node/7125527 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2023-46158 – IBM WebSphere Application Server session fixation
https://notcve.org/view.php?id=CVE-2023-46158
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. IBM WebSphere Application Server Liberty 23.0.0.9 a 23.0.0.10 podría proporcionar una seguridad más débil de lo esperado debido a un manejo inadecuado de la caducidad de recursos. ID de IBM X-Force: 268775. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268775 https://www.ibm.com/support/pages/node/7058356 • CWE-613: Insufficient Session Expiration •