Lucene search

IBM2F4350D82861A16E7FA7677193B4424A1998CA8DC20D5DC62CDEA0A69D649F53

HistorySep 22, 2022 - 11:56 a.m.

Security Bulletin: An information disclosure vulnerablity in IBM WebSphere Application Server Liberty affects TXSeries for Multiplatforms

2022-09-2211:56:15

www.ibm.com

ibm websphere

txseries

multiplatforms

information disclosure

vulnerability

ibm x-force

cve-2022-22393

cvss

remediation

fix

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

23.7%

JSON

Summary

TXSeries for Multiplatforms has addressed the following information disclosure vulnerability in IBM® WebSphere Application Server Liberty

Vulnerability Details

CVEID:CVE-2022-22393
**DESCRIPTION:**IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222078 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM TXSeries for Multiplatforms	8.2
IBM TXSeries for Multiplatforms	9.1

Remediation/Fixes

Product

Version

Defect

Remediation / First Fix

—|—|—|—

IBM TXSeries for Multiplatforms v9.1

9.1.0.0
9.1.0.2

127794

| Download fix here

IBM TXSeries for Multiplatforms v8.2

8.2.0.0
8.2.0.1
8.2.0.2

127794

| Download fix here

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmtxseries_for_multiplatformsMatch8.2

ibmtxseries_for_multiplatformsMatch9.1

VendorProductVersionCPE
ibmtxseries_for_multiplatforms8.2cpe:2.3:a:ibm:txseries_for_multiplatforms:8.2:*:*:*:*:*:*:*
ibmtxseries_for_multiplatforms9.1cpe:2.3:a:ibm:txseries_for_multiplatforms:9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	txseries_for_multiplatforms	8.2	cpe:2.3:a:ibm:txseries_for_multiplatforms:8.2:::::::*
ibm	txseries_for_multiplatforms	9.1	cpe:2.3:a:ibm:txseries_for_multiplatforms:9.1:::::::*

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

23.7%

JSON

Related for 2F4350D82861A16E7FA7677193B4424A1998CA8DC20D5DC62CDEA0A69D649F53