vulnerability

IBM WebSphere Application Server: CVE-2022-39161: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)

Try Surface Command

Back to search

Severity

CVSS

(AV:A/AC:M/Au:S/C:C/I:N/A:N)

Published

May 3, 2023

Added

Jul 27, 2023

Modified

Jun 23, 2026

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information.

Solution

ibm-was-upgrade-latest

References

CVE-2022-39161
https://attackerkb.com/topics/CVE-2022-39161
IBM-ibm106987779
https://www.ibm.com/support/pages/node/6987779
https://exchange.xforce.ibmcloud.com/vulnerabilities/235069
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-41706
CWE-295
EUVD-EUVD-2022-41706

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report