Identity Spoofing Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty
CVE-2022-22475

5MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
17 May 2022

Summary

IBM WebSphere Application Server Liberty and Open Liberty versions 17.0.0.3 through 22.0.0.5 are susceptible to identity spoofing attacks. An authenticated user could exploit this vulnerability to impersonate another user, leading to unauthorized access and potential data breaches. This flaw highlights the importance of securing identity management protocols in enterprise applications.

Affected Version(s)

WebSphere Application Server Liberty 17.0.0.3

WebSphere Application Server Liberty 22.0.0.5

References

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.