CVE-2022-22365IBM Websphere Application Server vulnerability

3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 52.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedMay 20
Latest updateMay 21

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDibm/websphere_application_server7.0.0.07.0.0.45+3
CVEListV5ibm/websphere_application_server4 versions+3

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-cv25-9hfx-33wj: IBM WebSphere Application Server 72022-05-21
CVEList
CVE-2022-22365: IBM WebSphere Application Server 72022-05-20
CVE-2022-22365 — IBM vulnerability | cvebase