vulnerability

IBM WebSphere Application Server: CVE-2022-39161: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins

Severity
6
CVSS
(AV:N/AC:M/Au:S/C:C/I:N/A:N)
Published
May 3, 2023
Added
Jul 27, 2023
Modified
Jan 28, 2025

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.

Solution(s)

ibm-was-install-8-5-0-0-ph48747ibm-was-install-9-0-0-0-ph48747ibm-was-upgrade-8-5-0-0-8-5-5-24ibm-was-upgrade-9-0-0-0-9-0-5-16
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.