#VU65845 Authentication Bypass by Spoofing in IBM WebSphere Application Server Liberty


Published: 2022-07-28

Vulnerability identifier: #VU65845

Vulnerability risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22476

CWE-ID: CWE-290

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM WebSphere Application Server Liberty
Server applications / Application servers

Vendor: IBM Corporation

Description

The vulnerability allows a remote attacker to execute identity spoofing attacks.

The vulnerability exists due to an unspecified error in IBM WebSphere Application Server Liberty. A remote authenticated user can send a specially crafted request to perform identity spoofing attacks.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM WebSphere Application Server Liberty: 17.0.0.3 - 22.0.0.7

External links
http://www.ibm.com/support/pages/node/6602015
http://exchange.xforce.ibmcloud.com/vulnerabilities/225604

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Authentication bypass by spoofing in IBM Engineering Requirements Management DOORS Next
Authentication bypass by spoofing in IBM Engineering Lifecycle Management
Multiple vulnerabilities in Netcool Operations Insight
Multiple vulnerabilities in IBM Maximo Application Suite - Manage Component
Multiple vulnerabilities in IBM Directory Server and IBM Directory Suite products
Authentication bypass by spoofing in IBM Financial Transaction Manager
Authentication bypass by spoofing in IBM B2B Advanced Communications
Authentication bypass by spoofing in IBM CICS TX Standard
Authentication bypass by spoofing in IBM CICS TX Advanced
Spoofing attack in IBM CICS Transaction Gateway