#VU61581 Use of a broken or risky cryptographic algorithm in IBM WebSphere Application Server Liberty


Published: 2022-03-24

Vulnerability identifier: #VU61581

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22310

CWE-ID: CWE-327

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
IBM WebSphere Application Server Liberty
Server applications / Application servers

Vendor: IBM Corporation

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to usage of a weak cryptographic algorithms. A remote attacker can intercept and decrypt traffic.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM WebSphere Application Server Liberty: 21.0.0.10 - 21.0.0.12

External links
http://www.ibm.com/support/pages/node/6541530

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Copy Services Manager
Multiple vulnerabilities in IBM Cloud Transformation Advisor
Multiple vulnerabilities in IBM WIoTP MessageGateway/IoT MessageSight
MitM attack in IBM Transformation Extender Advanced
MitM attack in IBM WebSphere Application Server Liberty