9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.042 Low
EPSS
Percentile
92.2%
InfoSphere Identity Insight includes IBM WebSphere Application Server Liberty, which has a vulnerability in the Apache CXF library when jaxws-2.2 feature is enabled. This has been addressed.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM InfoSphere Identity Insight | 9.1 |
IBM InfoSphere Identity Insight | 9.0 |
IBM InfoSphere Identity Insight | 10.0 |
Per the original bulletin for CVE-2022-46364 (<https://www.ibm.com/support/pages/security-bulletin-ibm-websphere-application-server-liberty-vulnerable-server-side-request-forgery-due-apache-cxf-cve-2022-46364>), this issue can be resolved by upgrading WebSphere Liberty Profile to version 23.0.0.2 or later. Identity Insight customers are advised to update to version 23.0.0.2. Instructions for this update are found in the tech note at <https://www.ibm.com/support/pages/node/6960567>.
None
CPE | Name | Operator | Version |
---|---|---|---|
infosphere identity insight | eq | 9.0 | |
infosphere identity insight | eq | 9.1 | |
infosphere identity insight | eq | 10.0 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.042 Low
EPSS
Percentile
92.2%