EUVD-2022-38172

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

IBM WebSphere Application Server versions 7.0 to 9.0 are vulnerable to server-side request forgery.

Reporter	Title	Published	Views	Family All 36
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2022-35282)	28 Sep 202208:00	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow and IBM Business Process Manager (CVE-2022-35282)	29 Sep 202206:55	–	ibm
IBM Security Bulletins	Security Bulletin:IBM Tivoli Composite Application Manager for Application Diagnostics Installed WebSphere Application Server traditional is vulnerable to Server-Side Request Forgery (CVE-2022-35282)	6 Dec 202215:24	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase ( CVE-2022-34165, CVE-2022-35282, CVE-2022-34336 )	10 Oct 202206:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Tivoli Business Service Manager, is vulnerable to Server-Side Request Forgery (CVE-2022-35282)	6 Dec 202216:11	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli System Automation Application Manager (CVE-2022-35282)	13 Dec 202210:43	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (GKLM) (CVE-2022-35282)	19 Oct 202211:22	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in IBM WebSphere Application Server (CVE-2022-35282) shipped with IBM Workload Scheduler 9.4	16 Dec 202217:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2022-35282)	29 Sep 202215:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server is vulnerable to Server-Side Request Forgery (CVE-2022-35282)	27 Sep 202218:55	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "4ce7f070-dde3-3884-83d1-72fc5b13bdc7",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2d73796f-7e00-3ae1-8e37-b3159ae36c30",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.0"
      },
      {
        "id": "bd28a5e0-14a3-3ca9-8aaa-7218e252aaae",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "7.0"
      },
      {
        "id": "cef64e2c-4cb6-3cd1-933d-ffc015147257",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.5"
      },
      {
        "id": "e57dc29f-69e4-3a65-9c70-5fe6377d84be",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6824179
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/230809

03 Oct 2025 20:07Current

5.6Medium risk

Vulners AI Score5.6

CVSS 34.3

CVSS 3.16.5

EPSS0.00304

SSVC