
4 matches found

IBM Security Bulletins
added 2022/10/18 6:46 a.m. | 31 views

Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for IBM WebSphere Application Server Liberty vulnerability to Identity Spoofing (CVE-2022-22475)

Summary: On applications on IBM WebSphere Application Server Liberty, an authenticated user could use a brute force attack to extract an encryption key from LTPA token and through a series of involved steps could conduct an attack whereby they replace their user name with that of another user in t...

CVSS 6.5 | AI score 5.7 | EPSS 0.00086
Exploits: 0 | Affected Software: 1
BDU FSTEC
added 2020/07/15 12:0 a.m. | 1 views

The vulnerability in the configuration of the Expedition Migration tool, which involves manipulating cross-site requests, allows a hacker to replace the user during a session and execute arbitrary code.

The vulnerability of the Expedition Migration tool relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to replace the user during a session and execute arbitrary code...

CVSS 9.3 | EPSS 0.00192
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2016/09/07 12:0 a.m. | 2 views

The vulnerability of the GNU Mailman mailing system allows a hacker to replace a user during an administrator session.

The vulnerability in the GNU Mailman mailing system’s web interface is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to replace the user during an administrator session...

CVSS 6.8 | AI score 7.5 | EPSS 0.00195
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2016/03/17 12:0 a.m. | 1 views

The vulnerability of the Moodle learning management system allows a hacker to replace a user during a session.

The vulnerability of the admin/registration/register.php function in the Moodle learning management system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to replace a user during a session by sending a request that sends statistics to...

CVSS 4.3 | EPSS 0.00068
Exploits: 0 | References: 3 | Affected Software: 1