CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0CVE-2022-22473
https://notcve.org/view.php?id=CVE-2022-22473
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 podría permitir a un atacante remoto obtener información confidencial causada por un manejo inapropiado de los datos de la Consola Administrativa. Esta información podría usarse en otros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/225347 https://www.ibm.com/support/pages/node/6603421 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22476
https://notcve.org/view.php?id=CVE-2022-22476
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. IBM WebSphere Application Server Liberty versiones 17.0.0.3 hasta 22.0.0.7 y Open Liberty son vulnerables a una suplantación de identidad por parte de un usuario autenticado usando una petición especialmente diseñada. IBM X-Force ID: 225604 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225604 https://www.ibm.com/support/pages/node/6602015 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22365
https://notcve.org/view.php?id=CVE-2022-22365
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, con la aplicación web Ajax Proxy (AjaxProxy.war) desplegada, es vulnerable a una suplantación de identidad al permitir a un atacante de tipo man-in-the-middle suplantar los nombres de host del servidor SSL. IBM X-Force ID: 220904 • https://exchange.xforce.ibmcloud.com/vulnerabilities/220904 https://www.ibm.com/support/pages/node/6587947 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22475
https://notcve.org/view.php?id=CVE-2022-22475
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. IBM WebSphere Application Server Liberty y Open Liberty 17.0.0.3 a 22.0.0.5 son vulnerables a la suplantación de identidad por parte de un usuario autenticado. ID de IBM X-Force: 225603 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225603 https://www.ibm.com/support/pages/node/6586734 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22393
https://notcve.org/view.php?id=CVE-2022-22393
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078. IBM WebSphere Application Server Liberty versiones 17.0.0.3 hasta 22.0.0.5 , con la funcionalidad adminCenter-1.0 configurada, podría permitir a un usuario autenticado emitir una petición para obtener el estado de los puertos HTTP/HTTPS a los que accede el servidor de aplicaciones. IBM X-Force ID: 222078 • https://exchange.xforce.ibmcloud.com/vulnerabilities/222078 https://www.ibm.com/support/pages/node/6585704 •