CVE-2022-39161 — MEDIUM (4.8)

Vulnerability Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Websphere Application Server	-

Related Weaknesses (CWE)

CWE-295

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/235069VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6987779
https://exchange.xforce.ibmcloud.com/vulnerabilities/235069VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6987779

FAQ

What is CVE-2022-39161?

CVE-2022-39161 is a vulnerability with a CVSS score of 4.8 (MEDIUM). IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, cou...

How severe is CVE-2022-39161?

CVE-2022-39161 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-39161?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server.