IBMA17C3230E5C92361D7B3CEC0BE1071A7A25303F7A057470BB11C91D40822AA7CSecurity Bulletin: Multiple vulnerabilities in WebSphere Liberty affect SPSS Collaboration and Deployment Services
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
39.0%
Summary
There are multiple vulnerabilities in WebSphere Liberty used by SPSS Collaboration and Deployment Services. These issues have been addressed.
Vulnerability Details
CVEID:CVE-2022-22475
**DESCRIPTION:**IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225603 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L)
CVEID:CVE-2022-22393
**DESCRIPTION:**IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222078 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2022-22476
**DESCRIPTION:**IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225604 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| SPSS Collaboration and Deployment Services | 8.2 |
| SPSS Collaboration and Deployment Services | 8.2.1 |
| SPSS Collaboration and Deployment Services | 8.2.2 |
| SPSS Collaboration and Deployment Services | 8.3 |
| SPSS Collaboration and Deployment Services | 8.4 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerabilities now by installing the fix listed.
Product
| VRMF| Remediation/Fix
—|—|—
SPSS Collaboration and Deployment Services| 8.2.0.0| 8.2.0.0
SPSS Collaboration and Deployment Services| 8.2.1.0| 8.2.1.0
SPSS Collaboration and Deployment Services| 8.2.2.0| 8.2.2.0
SPSS Collaboration and Deployment Services| 8.3.0.0| 8.3.0.0
SPSS Collaboration and Deployment Services| 8.4.0.0| 8.4.0.0
Fixes for Components:
SPSS Collaboration and Deployment Services Repository Server deployed to WebSphere Liberty profile (8.2, 8.2.1, 8.2.2, 8.3, 8.4)
Workarounds and Mitigations
None
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
39.0%