vulnerability
IBM WebSphere Application Server: CVE-2022-39161: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:S/C:C/I:N/A:N) | May 3, 2023 | Jul 27, 2023 | Jan 28, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:S/C:C/I:N/A:N)
Published
May 3, 2023
Added
Jul 27, 2023
Modified
Jan 28, 2025
Description
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.
Solution(s)
ibm-was-install-8-5-0-0-ph48747ibm-was-install-9-0-0-0-ph48747ibm-was-upgrade-8-5-0-0-8-5-5-24ibm-was-upgrade-9-0-0-0-9-0-5-16
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.