CVE-2014-3022 — Sensitive Information Exposure in IBM Websphere Application Server

CWE-200 — Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 29.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedAug 22
Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDibm/websphere_application_server37 versions+36

🔴Vulnerability Details

2
GHSA
GHSA-h7wx-9rv8-3fg8: IBM WebSphere Application Server (WAS) 7↗2022-05-17
â–¶
CVEList
CVE-2014-3022: IBM WebSphere Application Server (WAS) 7↗2014-08-22
â–¶
CVE-2014-3022 — Sensitive Information Exposure in IBM | cvebase