CVE-2022-22476

CWE-2903 documents3 sources
Severity
8.8HIGH
EPSS
0.1%
top 74.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Open LibertyIBM Websphere Application ServerIBM Websphere Application Server Liberty
Timeline
PublishedJul 8
Latest updateJul 9

Description

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5ibm/websphere_application_server_liberty17.0.0.3, 22.0.0.7+1
NVDibm/open_liberty17.0.0.322.0.0.8
NVDibm/websphere_application_server17.0.0.322.0.0.8

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-f6r7-5vgc-q2jp: IBM WebSphere Application Server Liberty 172022-07-09
CVEList
CVE-2022-22476: IBM WebSphere Application Server Liberty 172022-07-08
CVE-2022-22476 (HIGH CVSS 8.8) | IBM WebSphere Application Server Li | cvebase.io