IBM WebSphere Application Server Code Issue Vulnerability (CNVD-2022-66768)

2022-09-2900:00:00

China National Vulnerability Database

www.cnvd.org.cn

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

JSON

IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server has a code issue vulnerability that stems from the fact that an attacker can trigger a request forgery on its server side to force the server to send a query. No detailed vulnerability details are currently available.

CPENameOperatorVersion
IBM Websphere Application Server >=7.0.0.0，<7.eq0.0.45
IBM Websphere Application Server >=8.0.0.0，<8.eq0.0.15
IBM Websphere Application Server >=8.5.0.0，<8.eq5.5.22
IBM Websphere Application Server >=9.0.0.0，<9.eq0.5.13

Name	Operator	Version
IBM Websphere Application Server >=7.0.0.0，<7.	eq	0.0.45
IBM Websphere Application Server >=8.0.0.0，<8.	eq	0.0.15
IBM Websphere Application Server >=8.5.0.0，<8.	eq	5.5.22
IBM Websphere Application Server >=9.0.0.0，<9.	eq	0.5.13