vulnerability
IBM WebSphere Application Server: CVE-2022-39161: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:A/AC:M/Au:S/C:C/I:N/A:N) | May 3, 2023 | Jul 27, 2023 | Mar 27, 2026 |
Severity
5
CVSS
(AV:A/AC:M/Au:S/C:C/I:N/A:N)
Published
May 3, 2023
Added
Jul 27, 2023
Modified
Mar 27, 2026
Description
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.
Solutions
ibm-was-install-8-5-0-0-ph48747ibm-was-install-9-0-0-0-ph48747ibm-was-upgrade-8-5-0-0-8-5-5-24ibm-was-upgrade-9-0-0-0-9-0-5-16
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.