CVE-2022-22473 — Sensitive Information Exposure in IBM Websphere Application Server

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 74.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedJul 14

Latest updateJul 15

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/websphere_application_server7.0.0.0 — 7.0.0.45+3

▶CVEListV5ibm/websphere_application_server4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-qc7h-569f-c9vr: IBM WebSphere Application Server 7↗2022-07-15

▶

CVEList

CVE-2022-22473: IBM WebSphere Application Server 7↗2022-07-14

▶