China National Vulnerability DatabaseCNVD-2022-63368IBM WebSphere Application Server Liberty Information Disclosure Vulnerability (CNVD-2022-63368)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
IBM WebSphere Application Server Liberty is a Java application server from IBM built on top of the Open Liberty project. IBM WebSphere Application Server Liberty is vulnerable to an information disclosure vulnerability that originates when The vulnerability stems from the fact that when adminCenter-1.0 functionality is enabled, the application lacks protection for information and an attacker can use the vulnerability to bypass data access restrictions to read sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| IBM WebSphere Application Server Liberty >=17.0.0.3,<=22. | eq | 0.0.5 |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N