{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein lokaler Angreifer kann eine Schwachstelle in IBM WebSphere Application Server Liberty ausnutzen, um seine Privilegien zu erhöhen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Linux\n- MacOS X\n- Windows\n- Sonstiges",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2023-0919 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0919.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2023-0919 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0919"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 6989199 vom 2023-05-09",
      "url" : "https://www.ibm.com/support/pages/node/6989199"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 6983490 vom 2023-04-13",
      "url" : "https://www.ibm.com/support/pages/node/6983490"
    }, {
      "category" : "external",
      "summary" : "IBM Security Advisory vom 2023-04-11",
      "url" : "https://www.ibm.com/support/pages/node/6982895"
    } ],
    "source_lang" : "en-US",
    "title" : "IBM WebSphere Application Server Liberty: Schwachstelle ermöglicht Privilegieneskalation",
    "tracking" : {
      "current_release_date" : "2023-05-09T22:00:00.000+00:00",
      "generator" : {
        "date" : "2024-08-15T17:48:29.494+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.3.5"
        }
      },
      "id" : "WID-SEC-W-2023-0919",
      "initial_release_date" : "2023-04-11T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2023-04-11T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      }, {
        "date" : "2023-04-13T22:00:00.000+00:00",
        "number" : "2",
        "summary" : "Neue Updates von IBM aufgenommen"
      }, {
        "date" : "2023-05-09T22:00:00.000+00:00",
        "number" : "3",
        "summary" : "Neue Updates von IBM aufgenommen"
      } ],
      "status" : "final",
      "version" : "3"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 21.0.2",
          "product" : {
            "name" : "IBM Business Automation Workflow 21.0.2",
            "product_id" : "1055431",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:21.0.2"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 21.0.3",
          "product" : {
            "name" : "IBM Business Automation Workflow 21.0.3",
            "product_id" : "1150328",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:21.0.3"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 22.0.1",
          "product" : {
            "name" : "IBM Business Automation Workflow 22.0.1",
            "product_id" : "1268578",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:22.0.1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 18.0.0.0",
          "product" : {
            "name" : "IBM Business Automation Workflow 18.0.0.0",
            "product_id" : "389078",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:18.0.0.0"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 18.0.0.1",
          "product" : {
            "name" : "IBM Business Automation Workflow 18.0.0.1",
            "product_id" : "389079",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:18.0.0.1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 18.0.0.2",
          "product" : {
            "name" : "IBM Business Automation Workflow 18.0.0.2",
            "product_id" : "428468",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:18.0.0.2"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 19.0.0.1",
          "product" : {
            "name" : "IBM Business Automation Workflow 19.0.0.1",
            "product_id" : "433292",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:19.0.0.1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 19.0.0.2",
          "product" : {
            "name" : "IBM Business Automation Workflow 19.0.0.2",
            "product_id" : "672243",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:19.0.0.2"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 19.0.0.3",
          "product" : {
            "name" : "IBM Business Automation Workflow 19.0.0.3",
            "product_id" : "672244",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:19.0.0.3"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 20.0.0.1",
          "product" : {
            "name" : "IBM Business Automation Workflow 20.0.0.1",
            "product_id" : "867559",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:20.0.0.1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow 20.0.0.2",
          "product" : {
            "name" : "IBM Business Automation Workflow 20.0.0.2",
            "product_id" : "867560",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:20.0.0.2"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Business Automation Workflow"
      }, {
        "branches" : [ {
          "category" : "product_name",
          "name" : "IBM TXSeries for Multiplatforms 9.1",
          "product" : {
            "name" : "IBM TXSeries for Multiplatforms 9.1",
            "product_id" : "T015903",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:txseries:for_multiplatforms_9.1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM TXSeries for Multiplatforms 8.2",
          "product" : {
            "name" : "IBM TXSeries for Multiplatforms 8.2",
            "product_id" : "T015904",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:txseries:for_multiplatforms_8.2"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM TXSeries for Multiplatforms 8.1",
          "product" : {
            "name" : "IBM TXSeries for Multiplatforms 8.1",
            "product_id" : "T015905",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:txseries:for_multiplatforms_8.1"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "TXSeries"
      }, {
        "category" : "product_name",
        "name" : "IBM WebSphere Application Server Liberty 23.0.0.3",
        "product" : {
          "name" : "IBM WebSphere Application Server Liberty 23.0.0.3",
          "product_id" : "T027199",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:ibm:websphere_application_server:liberty_23.0.0.3"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "IBM"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2023-0482",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in IBM WebSphere Application Server Liberty. Der Fehler besteht in \"RESTEasy\" aufgrund der Erstellung von unsicheren temporären Dateien in der Funktion \"File.createTempFile()\", die in den Klassen \"DataSourceProvider\", \"FileProvider\" und \"Mime4JWorkaround\" verwendet wird. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, indem er eine speziell gestaltete Anfrage sendet, um seine Privilegien zu erweitern."
    } ],
    "product_status" : {
      "known_affected" : [ "T015905", "T015904", "867559", "T015903", "672243", "672244", "1268578", "389079", "428468", "389078", "1150328", "1055431", "867560", "433292", "T027199" ]
    },
    "release_date" : "2023-04-11T22:00:00.000+00:00",
    "title" : "CVE-2023-0482"
  } ]
}