vulnerability

IBM WebSphere Application Server: CVE-2023-51775: IBM WebSphere Application Server: CVE-2023-51775: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to jose4j (CVE-2023-51775)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:N/A:C)	Feb 29, 2024	Apr 22, 2024	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

Feb 29, 2024

Added

Apr 22, 2024

Modified

Aug 11, 2025

Description

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Solutions

ibm-was-install-21-0-0-3-ph60199-libertyibm-was-install-8-5-5-3-ph61002ibm-was-install-9-0-0-0-ph61002ibm-was-upgrade-21-0-0-3-24-0-0-4-libertyibm-was-upgrade-8-5-5-3-8-5-5-26ibm-was-upgrade-9-0-0-0-9-0-5-20

References

CVE-2023-51775
https://attackerkb.com/topics/CVE-2023-51775
CWE-400

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today