Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9C342E54B79C27DC129CC0087685961BBDA4130D22E8BAEBFD397565B1E890CA
HistoryOct 03, 2022 - 12:40 p.m.

Security Bulletin: CP4D Match 360 is impacted due to vulnerability in IBM WebSphere Application Server Liberty due to Identity Spoofing (CVE-2022-22476)

2022-10-0312:40:00
www.ibm.com
10
ibm match 360
identity spoofing
ibm websphere

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.0%

JSON

Summary

IBM WebSphere Application Server Liberty is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. IBM Match 360 v4.5.2 and prior, is also vulnerable given that it uses WebSphere Application Server Liberty.

Vulnerability Details

CVEID:CVE-2022-22476
**DESCRIPTION:**IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225604 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
ICP - IBM Match 360 All

Remediation/Fixes

<https://www.ibm.com/support/pages/node/6602015&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_pak_for_dataMatch4.5.
CPENameOperatorVersion
ibm cloud pak for dataeq4.5.

Related

ibm 55
nessus 1
osv 1
cvelist 1
prion 1
nvd 1
cve 1
ibm
ibm
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 affects CICS Transaction Gateway
2023-02-09 10:24:31
Security Bulletin: IBM CICS TX Advanced is vulnerable to identity spoofing due to IBM WebSphere Application Server Liberty (CVE-2022-22476)
2023-02-14 21:04:36
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476)
2023-09-20 12:42:21
nessus
nessus
IBM WebSphere Application Server Liberty 17.0.0.3 <= 22.0.0.7 Identity Spoofing (6602015)
2022-08-03 00:00:00
osv
osv
CVE-2022-22476
2022-07-08 18:15:09
cvelist
cvelist
CVE-2022-22476
2022-07-07 00:00:00
prion
prion
Design/Logic Flaw
2022-07-08 18:15:00
nvd
nvd
CVE-2022-22476
2022-07-08 18:15:09
cve
cve
CVE-2022-22476
2022-07-08 18:15:09

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.0%

JSON
Related for 9C342E54B79C27DC129CC0087685961BBDA4130D22E8BAEBFD397565B1E890CA
ibm55nessus1osv1cvelist1prion1nvd1cve1