
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an Information Disclosure (CVE-2022-22393)

Published: 2022-05-23 14:54:46
Source: www.ibm.com
Tags: ibm, cloud pak, websphere, application server, information disclosure, cve-2022-22393, vulnerability, security bulletin

CVSS2: 3.5

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3: 6.5

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 (Percentile: 23.7%)

Summary

IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an Information Disclosure (CVE-2022-22393)

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s) and Affected Version(s): IBM Cloud Pak for Applications

  • 5.1

Affecting Product(s) and Version(s): IBM WebSphere Application Server Liberty

  • 17.0.0.3-22.0.0.5

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains APAR PH45086, which is described in "Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22393)".

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm cloud_pak_for_applications, Match 5.1

  • Vendor: ibm
  • Product: cloud_pak_for_applications
  • Version: 5.1
  • CPE: cpe:2.3:a:ibm:cloud_pak_for_applications:5.1:*:*:*:*:*:*:*
