CVE-2022-39161

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 7.0 through 9.0 IBM WebSphere Application Server Liberty

Description The issue allows an authenticated user to conduct spoofing attacks when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server. A man-in-the-middle attacker could exploit this using a certificate issued by a trusted authority to obtain sensitive information.

Recommendations For IBM WebSphere Application Server versions 7.0 through 9.0, update to a version that includes the fix for this issue. For IBM WebSphere Application Server Liberty, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Web Server Plug-ins for IBM WebSphere Application Server to minimize the risk of exploitation.