#VU64197 Improper Authentication in IBM WebSphere Application Server Liberty


Published: 2022-06-13

Vulnerability identifier: #VU64197

Vulnerability risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22475

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM WebSphere Application Server Liberty
Server applications / Application servers

Vendor: IBM Corporation

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to an unspecified error. A remote authenticated user can spoof identity of other application users.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM WebSphere Application Server Liberty: 17.0.0.3 - 22.0.0.5

External links
http://www.ibm.com/support/pages/node/6586734

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Improper authentication in IBM CICS TX Advanced
Multiple vulnerabilities in IBM Application Performance Management
Multiple vulnerabilities in IBM Cognos Controller
Multiple vulnerabilities in IBM Cloud Transformation Advisor
Improper Authentication in IBM Maximo Application Suite - Monitor Component
Improper authentication in IBM B2B Advanced Communications
Multiple vulnerabilities in IBM Security Verify Access
Multiple vulnerabilities in IBM InfoSphere Global Name Management
Multiple vulnerabilities in IBM Cloud Application Business Insights
Multiple vulnerabilities in IBM Operations Analytics Predictive Insights