Lucene search

IBM31455931D60C94E96A8BD5A65A17D808963B91B2708A6BBA16CBB448693F1E15

HistorySep 06, 2022 - 3:36 p.m.

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale (CVE-2022-22475)

2022-09-0615:36:09

www.ibm.com

ibm websphere

application server liberty

ibm spectrum scale

identity spoofing

authenticated user

vulnerability update

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

19.6%

JSON

Summary

There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Spectrum Scale, which could allow identity spoofing by an authenticated user.

Vulnerability Details

CVEID:CVE-2022-22475
**DESCRIPTION:**IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225603 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Spectrum Scale	5.1.0.0 - 5.1.2.5
IBM Spectrum Scale	5.1.3.0 - 5.1.4.0

Remediation/Fixes

For IBM Spectrum Scale V5.1.0.0 through V5.1.2.5, apply V5.1.2.6 available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.2&platform=All&function=all

For IBM Spectrum Scale V5.1.3.0 through V5.1.4.0, apply V5.1.4.1 or later available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.4&platform=All&function=all

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmspectrum_scaleMatch5.1.

VendorProductVersionCPE
ibmspectrum_scale5.1.cpe:2.3:a:ibm:spectrum_scale:5.1.:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	spectrum_scale	5.1.	cpe:2.3:a:ibm:spectrum_scale:5.1.:::::::*

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

19.6%

JSON

Related for 31455931D60C94E96A8BD5A65A17D808963B91B2708A6BBA16CBB448693F1E15