Vulnerabilities > CVE-2022-39161 - Unspecified vulnerability in IBM Websphere Application Server

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

ibm

NVD

Published: 2023-05-03

Updated: 2024-11-21

Summary

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Websphere Application Server 9.0 IBM Websphere Application Server 7.0 IBM Websphere Application Server 8.0 IBM Websphere Application Server 8.5 IBM Websphere Application Server -	5

Summary

Vulnerable Configurations

References