PT-2022-15456 · Ibm · Ibm Websphere Application Server Liberty+1
Tom Tervoort
·
Published
2022-07-08
·
Updated
2022-08-03
·
CVE-2022-22476
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 22.0.0.7
Open Liberty
Description
The issue allows an authenticated user to perform identity spoofing using a specially crafted request.
Recommendations
For IBM WebSphere Application Server Liberty versions 17.0.0.3 through 22.0.0.7, update to a version outside of this range to resolve the issue.
For Open Liberty, update to a version that is not vulnerable to this issue.
As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.
Fix
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Websphere Application Server Liberty
Open Liberty