Score | Value | Vector |
---|---|---|
CVSS3 | 8.8 High | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVSS2 | 6 Medium | AV:N/AC:M/Au:S/C:P/I:P/A:P |
EPSS | 0.001 Low | Percentile: 39.0% |

CVSS3 metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS2 metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
There is a vulnerability in the version of IBM WebSphere Application Server Liberty that was included in IBM SPSS Analytic Server. This vulnerability has been addressed. [CVE-2022-22476]
CVEID: CVE-2022-22476
**DESCRIPTION:** IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225604 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM SPSS Analytic Server | 3.4 |
IBM SPSS Analytic Server | 3.3 |
IBM SPSS Analytic Server | 3.2 |
IBM SPSS Analytic Server | 3.1 |
IBM strongly recommends addressing the vulnerability now by applying the following fixes.
Product | VRMF | Fixes |
---|---|---|
IBM SPSS Analytic Server | 3.4.x | 3.4.x - IFIX |
IBM SPSS Analytic Server | 3.3.x | 3.3.x - IFIX |
IBM SPSS Analytic Server | 3.2.x | 3.2.x - IFIX |
IBM SPSS Analytic Server | 3.1.x | 3.1.x - IFIX |
For Analytic Server 3.2.0.x and later (including 3.2.0), use wlp-webProfile8-22.0.0.9.zip.
For versions before Analytic Server 3.2.0.x, use wlp-webProfile7-22.0.0.9.zip.
<https://www.ibm.com/support/pages/node/6612515>
The recommended solutions include upgrading to IBM SPSS Analytic Server 3.4.0 IFIX as above, or upgrading your IBM WebSphere Application Server Liberty version as described in the WebSphere Application Server security bulletin.
None
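The following triage helper is an added example, not code from IBM or the bulletin. It checks a bundled Liberty version against the affected range stated above (17.0.0.3 through 22.0.0.7) and picks the fix archive named above for a given Analytic Server version. The properties file path and the `com.ibm.websphere.productVersion` key are assumptions about the Liberty install layout, and the sample file content is constructed.

```python
# Added triage helper (not IBM code). Range and archive names come from the bulletin.
AFFECTED_MIN = (17, 0, 0, 3)   # first affected Liberty version
AFFECTED_MAX = (22, 0, 0, 7)   # last affected Liberty version

# Constructed sample. Assumption: this mirrors the content of
# wlp/lib/versions/WebSphereApplicationServer.properties in a Liberty install.
SAMPLE_PROPERTIES = """\
com.ibm.websphere.productId=com.ibm.websphere.appserver
com.ibm.websphere.productVersion=21.0.0.12
com.ibm.websphere.productEdition=BASE
"""


def parse_version(text, width):
    """Turn '22.0.0.7' into (22, 0, 0, 7), padding short inputs with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > width or any(p < 0 for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (width - len(parts)))


def liberty_version(properties_text):
    """Extract the Liberty version from the text of the properties file."""
    for line in properties_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "com.ibm.websphere.productVersion":
            return parse_version(value, 4)
    raise ValueError("productVersion key not found")


def is_affected(version):
    # Tuple comparison is numeric per component, so 22.0.0.10 sorts after
    # 22.0.0.7; a plain string comparison would wrongly flag it as affected.
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def fix_archive(analytic_server_version):
    """Fix archive per the bulletin: webProfile8 from 3.2.0 on, else webProfile7."""
    if parse_version(analytic_server_version, 4) >= (3, 2, 0, 0):
        return "wlp-webProfile8-22.0.0.9.zip"
    return "wlp-webProfile7-22.0.0.9.zip"


if __name__ == "__main__":
    found = liberty_version(SAMPLE_PROPERTIES)
    print(found, "affected" if is_affected(found) else "not affected")
    print("Analytic Server 3.1.0 ->", fix_archive("3.1.0"))
```
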
CPE

Name | Operator | Version |
---|---|---|
spss analytic server | eq | 3.1.0 |
spss analytic server | eq | 3.2.0 |
spss analytic server | eq | 3.3.0 |
spss analytic server | eq | 3.4.0 |