CVE-2022-22475

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 75.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Open Liberty IBM Websphere Application Server IBM Websphere Application Server Liberty

Timeline

PublishedMay 17

Latest updateMay 18

Description

IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5ibm/websphere_application_server_liberty17.0.0.3, 22.0.0.5+1

▶NVDibm/open_liberty17.0.0.3 — 22.0.0.5

▶NVDibm/websphere_application_server17.0.0.3 — 22.0.0.5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-5vv3-v35r-97ch: IBM WebSphere Application Server Liberty 17↗2022-05-18

▶

CVEList

CVE-2022-22475: IBM WebSphere Application Server Liberty and Open Liberty 17↗2022-05-17

▶