PT-2023-6741 · Ibm+3 · Jsse+5

Published 2022-09-29 · Updated 2023-06-13 · CVE-2023-30441

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE versions 8.0.7.0 through 8.0.7.11

Description

The issue is related to the use of flawed cryptographic algorithms in the Java Secure Socket Extension (JSSE) and IBMJCEPlus components. This could allow a remote attacker to gain unauthorized access to protected information. The combination of flaws and configurations in the affected components may expose sensitive information.

Recommendations

For versions 8.0.7.0 through 8.0.7.11, consider updating to a version that addresses the issue with the flawed cryptographic algorithms. As a temporary workaround, restrict the use of the JSSE and IBMJCEPlus components to minimize the risk of exploitation. Avoid using the affected components for sensitive information until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

BDU:2023-07522
CESA-2022_6735
CVE-2023-30441
RHSA-2022:6735
RHSA-2022:6756
RHSA-2022_6735
RHSA-2022_6756
SUSE-SU-2023:2476-1
SUSE-SU-2023:2491-1

Affected Products

CentOS
IBM Runtime Environment Java Technology Edition
IBMJCEPlus
JSSE
Red Hat
SUSE