Lucene search

[email protected]NVD:CVE-2022-39161

HistoryMay 03, 2023 - 8:15 p.m.

CVE-2022-39161

2023-05-0320:15:09

CWE-295

[email protected]

web.nvd.nist.gov

ibm

websphere

spoofing

authentication

man-in-the-middle

certificate

x-force

vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.4%

JSON

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch-liberty

ibmwebsphere_application_serverMatch7.0

ibmwebsphere_application_serverMatch8.0

ibmwebsphere_application_serverMatch8.5

ibmwebsphere_application_serverMatch9.0

References

exchange.xforce.ibmcloud.com/vulnerabilities/235069

www.ibm.com/support/pages/node/6987779

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.4%

JSON

Related for NVD:CVE-2022-39161

ibm35 cve1 prion1 nessus1 cvelist1