CVE-2022-43917

State: PUBLISHED · Published: 2023-01-25 · Updated: 2025-03-31 · Assigner: ibm

Description

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.

CWE

CWE-327 — CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Affected

IBM / WebSphere Application Server — v=8.5, 9.0 [affected]

CVSS

3.1 score=5.9 severity=MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References

https://www.ibm.com/support/pages/node/6857007 vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/241045 vdb-entry

Source

cvelistV5-main/cves/2022/43xxx/CVE-2022-43917.json