#VU64197 Improper Authentication in IBM WebSphere Application Server Liberty - CVE-2022-22475


Vulnerability identifier: #VU64197

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-22475

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM WebSphere Application Server Liberty
Server applications / Application servers

Vendor: IBM Corporation

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to an unspecified error. A remote authenticated user can spoof identity of other application users.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM WebSphere Application Server Liberty: 17.0.0.3 - 22.0.0.5

External links
https://www.ibm.com/support/pages/node/6586734

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Common Licensing
Improper authentication in IBM CICS TX Advanced
Multiple vulnerabilities in IBM Application Performance Management
Multiple vulnerabilities in IBM Cognos Controller
Multiple vulnerabilities in IBM Cloud Transformation Advisor
Improper Authentication in IBM Maximo Application Suite - Monitor Component
Improper authentication in IBM B2B Advanced Communications
Multiple vulnerabilities in IBM Security Verify Access
Multiple vulnerabilities in IBM InfoSphere Global Name Management
Multiple vulnerabilities in IBM Cloud Application Business Insights