PT-2023-13701 · Ibm · Ibm Websphere Application Server Liberty+2
Published
2023-05-03
·
Updated
2025-03-03
·
CVE-2022-39161
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM WebSphere Application Server versions 7.0 through 9.0
IBM WebSphere Application Server Liberty
Description
The issue allows an authenticated user to conduct spoofing attacks when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server. A man-in-the-middle attacker could exploit this using a certificate issued by a trusted authority to obtain sensitive information.
Recommendations
For IBM WebSphere Application Server versions 7.0 through 9.0, update to a version that includes the fix for this issue.
For IBM WebSphere Application Server Liberty, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the Web Server Plug-ins for IBM WebSphere Application Server to minimize the risk of exploitation.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Websphere Application Server
Ibm Websphere Application Server Liberty
Web Server Plug-Ins For Ibm Websphere Application Server