Identity Spoofing Vulnerability in IBM WebSphere Application Server Liberty
CVE-2022-22476

5MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server Liberty
Vendor: CVE Published:; 8 July 2022

What is CVE-2022-22476?

The IBM WebSphere Application Server Liberty and Open Liberty versions are susceptible to identity spoofing. An authenticated attacker could exploit this vulnerability by sending specially crafted requests, potentially impersonating other users within the system. This raises serious security concerns, making it critical for users to apply necessary patches and updates to mitigate risks.

Affected Version(s)

WebSphere Application Server Liberty 17.0.0.3

WebSphere Application Server Liberty 22.0.0.7

References

https://www.ibm.com/support/pages/node/6602015

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/225604

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2022
Vulnerability Reserved
Jan 3, 2022