vulnerability
IBM WebSphere Application Server: CVE-2022-39161: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:A/AC:M/Au:S/C:C/I:N/A:N) | May 3, 2023 | Jul 27, 2023 | Mar 27, 2026 |
Severity
5
CVSS
(AV:A/AC:M/Au:S/C:C/I:N/A:N)
Published
May 3, 2023
Added
Jul 27, 2023
Modified
Mar 27, 2026
Description
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.
Solutions
ibm-was-install-8-5-0-0-ph48747ibm-was-install-9-0-0-0-ph48747ibm-was-upgrade-8-5-0-0-8-5-5-24ibm-was-upgrade-9-0-0-0-9-0-5-16
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.