Identity Spoofing Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty
CVE-2022-22475

5MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server Liberty
Vendor: CVE Published:; 17 May 2022

What is CVE-2022-22475?

IBM WebSphere Application Server Liberty and Open Liberty versions 17.0.0.3 through 22.0.0.5 are susceptible to identity spoofing attacks. An authenticated user could exploit this vulnerability to impersonate another user, leading to unauthorized access and potential data breaches. This flaw highlights the importance of securing identity management protocols in enterprise applications.

Affected Version(s)

WebSphere Application Server Liberty 17.0.0.3

WebSphere Application Server Liberty 22.0.0.5

References

https://www.ibm.com/support/pages/node/6586734

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/225603

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2022
Vulnerability Reserved
Jan 3, 2022