vulnerability
IBM WebSphere Application Server: CVE-2022-39161: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:A/AC:M/Au:S/C:C/I:N/A:N) | May 3, 2023 | Jul 27, 2023 | Aug 11, 2025 |
Severity
5
CVSS
(AV:A/AC:M/Au:S/C:C/I:N/A:N)
Published
May 3, 2023
Added
Jul 27, 2023
Modified
Aug 11, 2025
Description
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.
Solutions
ibm-was-install-8-5-0-0-ph48747ibm-was-install-9-0-0-0-ph48747ibm-was-upgrade-8-5-0-0-8-5-5-24ibm-was-upgrade-9-0-0-0-9-0-5-16
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.