CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-39161 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2022-39161
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235069 https://www.ibm.com/support/pages/node/6987779 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2022-38712
https://notcve.org/view.php?id=CVE-2022-38712
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762." "IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podrían permitir que un atacante intermediario realice suplantación de SOAPAction para ejecutar operaciones no deseadas o no autorizadas. ID de IBM X-Force: 234762". • https://www.ibm.com/support/pages/node/6829907 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-35282
https://notcve.org/view.php?id=CVE-2022-35282
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo server-side request forgery (SSRF). Al enviar una petición especialmente diseñada, un atacante con acceso a la red local podría aprovechar esta vulnerabilidad para obtener datos confidenciales • https://exchange.xforce.ibmcloud.com/vulnerabilities/230809 https://www.ibm.com/support/pages/node/6824179 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2022-34336
https://notcve.org/view.php?id=CVE-2022-34336
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229714 https://www.ibm.com/support/pages/node/6619699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2022-34165
https://notcve.org/view.php?id=CVE-2022-34165
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 a 22.0.0.9 son vulnerables a una inyección de encabezados HTTP, causada por una comprobación inapropiada. Esto podría permitir a un atacante conducir varios ataques contra el sistema vulnerable, incluyendo el envenenamiento de la caché y ataques de tipo cross-site scripting. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 https://www.ibm.com/support/pages/node/6618747 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •