{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM WebSphere Application Server ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- UNIX\n- Linux\n- MacOS X\n- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2023-0840 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0840.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2023-0840 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0840"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin",
      "url" : "https://www.ibm.com/support/pages/node/7001287"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 6995185 vom 2023-05-17",
      "url" : "https://www.ibm.com/support/pages/node/6995185"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 6987031 vom 2023-04-28",
      "url" : "https://www.ibm.com/support/pages/node/6987031"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 6983492 vom 2023-04-13",
      "url" : "https://www.ibm.com/support/pages/node/6983492"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 6983454 vom 2023-04-13",
      "url" : "https://www.ibm.com/support/pages/node/6983454"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin: 6980375 vom 2023-04-03",
      "url" : "https://www.ibm.com/support/pages/node/6980375"
    } ],
    "source_lang" : "en-US",
    "title" : "IBM WebSphere Application Server: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff",
    "tracking" : {
      "current_release_date" : "2023-06-05T22:00:00.000+00:00",
      "generator" : {
        "date" : "2024-08-15T17:47:53.375+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.3.5"
        }
      },
      "id" : "WID-SEC-W-2023-0840",
      "initial_release_date" : "2023-04-03T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2023-04-03T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      }, {
        "date" : "2023-04-12T22:00:00.000+00:00",
        "number" : "2",
        "summary" : "Neue Updates von IBM aufgenommen"
      }, {
        "date" : "2023-04-13T22:00:00.000+00:00",
        "number" : "3",
        "summary" : "Neue Updates von IBM aufgenommen"
      }, {
        "date" : "2023-04-27T22:00:00.000+00:00",
        "number" : "4",
        "summary" : "Neue Updates von IBM aufgenommen"
      }, {
        "date" : "2023-05-18T22:00:00.000+00:00",
        "number" : "5",
        "summary" : "Neue Updates von IBM aufgenommen"
      }, {
        "date" : "2023-06-05T22:00:00.000+00:00",
        "number" : "6",
        "summary" : "Neue Updates von IBM aufgenommen"
      } ],
      "status" : "final",
      "version" : "6"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 21.0.2",
          "product" : {
            "name" : "IBM Business Automation Workflow 21.0.2",
            "product_id" : "1055431",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:21.0.2"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 21.0.3",
          "product" : {
            "name" : "IBM Business Automation Workflow 21.0.3",
            "product_id" : "1150328",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:21.0.3"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 22.0.1",
          "product" : {
            "name" : "IBM Business Automation Workflow 22.0.1",
            "product_id" : "1268578",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:22.0.1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 18.0.0.0",
          "product" : {
            "name" : "IBM Business Automation Workflow 18.0.0.0",
            "product_id" : "389078",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:18.0.0.0"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 18.0.0.1",
          "product" : {
            "name" : "IBM Business Automation Workflow 18.0.0.1",
            "product_id" : "389079",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:18.0.0.1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 18.0.0.2",
          "product" : {
            "name" : "IBM Business Automation Workflow 18.0.0.2",
            "product_id" : "428468",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:18.0.0.2"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 19.0.0.1",
          "product" : {
            "name" : "IBM Business Automation Workflow 19.0.0.1",
            "product_id" : "433292",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:19.0.0.1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 19.0.0.2",
          "product" : {
            "name" : "IBM Business Automation Workflow 19.0.0.2",
            "product_id" : "672243",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:19.0.0.2"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 19.0.0.3",
          "product" : {
            "name" : "IBM Business Automation Workflow 19.0.0.3",
            "product_id" : "672244",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:19.0.0.3"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 20.0.0.1",
          "product" : {
            "name" : "IBM Business Automation Workflow 20.0.0.1",
            "product_id" : "867559",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:20.0.0.1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 20.0.0.2",
          "product" : {
            "name" : "IBM Business Automation Workflow 20.0.0.2",
            "product_id" : "867560",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:20.0.0.2"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow",
          "product" : {
            "name" : "IBM Business Automation Workflow",
            "product_id" : "T024465",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:traditional"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Business Automation Workflow"
      }, {
        "branches" : [ {
          "category" : "product_name",
          "name" : "IBM Security Guardium Key Lifecycle Manager 4.1.1",
          "product" : {
            "name" : "IBM Security Guardium Key Lifecycle Manager 4.1.1",
            "product_id" : "T021015",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Security Guardium Key Lifecycle Manager 4.1",
          "product" : {
            "name" : "IBM Security Guardium Key Lifecycle Manager 4.1",
            "product_id" : "T021031",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Security Guardium Key Lifecycle Manager 4.2",
          "product" : {
            "name" : "IBM Security Guardium Key Lifecycle Manager 4.2",
            "product_id" : "T027545",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Security Guardium"
      }, {
        "category" : "product_name",
        "name" : "IBM Tivoli Netcool/OMNIbus 8.1.0",
        "product" : {
          "name" : "IBM Tivoli Netcool/OMNIbus 8.1.0",
          "product_id" : "T027235",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0"
          }
        }
      }, {
        "branches" : [ {
          "category" : "product_name",
          "name" : "IBM WebSphere Application Server 8.5",
          "product" : {
            "name" : "IBM WebSphere Application Server 8.5",
            "product_id" : "703851",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:websphere_application_server:8.5"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM WebSphere Application Server 9.0",
          "product" : {
            "name" : "IBM WebSphere Application Server 9.0",
            "product_id" : "703852",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:websphere_application_server:9.0"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM WebSphere Application Server liberty",
          "product" : {
            "name" : "IBM WebSphere Application Server liberty",
            "product_id" : "T011504",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:websphere_application_server:liberty"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "WebSphere Application Server"
      }, {
        "category" : "product_name",
        "name" : "IBM WebSphere Service Registry and Repository 8.5.x",
        "product" : {
          "name" : "IBM WebSphere Service Registry and Repository 8.5.x",
          "product_id" : "T022377",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:ibm:websphere_service_registry_and_repository:8.5.x"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "IBM"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2023-21830",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existieren mehrere Schwachstellen in IBM WebSphere Application Server. Diese bestehen in der Komponente \"JavaSE\" und sind nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen."
    } ],
    "product_status" : {
      "known_affected" : [ "T011504", "867559", "672243", "672244", "1268578", "389079", "428468", "389078", "703851", "703852", "1150328", "1055431", "T021015", "867560", "433292", "T021031", "T024465", "T022377", "T027545", "T027235" ]
    },
    "release_date" : "2023-04-03T22:00:00.000+00:00",
    "title" : "CVE-2023-21830"
  }, {
    "cve" : "CVE-2022-21426",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existieren mehrere Schwachstellen in IBM WebSphere Application Server. Diese bestehen in der Komponente \"JavaSE\" und sind nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen."
    } ],
    "product_status" : {
      "known_affected" : [ "T011504", "867559", "672243", "672244", "1268578", "389079", "428468", "389078", "703851", "703852", "1150328", "1055431", "T021015", "867560", "433292", "T021031", "T024465", "T022377", "T027545", "T027235" ]
    },
    "release_date" : "2023-04-03T22:00:00.000+00:00",
    "title" : "CVE-2022-21426"
  } ]
}