Lucene search

IBM45E7157B832402EBA6444DFDD7949682F43F6EC1E3BDA51140CDB662925CC390

HistoryJun 14, 2022 - 9:25 a.m.

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2022-22365)

2022-06-1409:25:54

www.ibm.com

ibm security guardium

key lifecycle manager

websphere application server

cve-2022-22365

vulnerability

security bulletin

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

24.2%

JSON

Summary

WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | WebSphere Application Server v9.0.5.5

Remediation/Fixes

Please consult the Security Bulletin: IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365) for vulnerability details and information about fixes.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsecurity_key_lifecycle_managerMatch3.0

ibmsecurity_key_lifecycle_managerMatch3.0.1

ibmsecurity_key_lifecycle_managerMatch4.0

ibmsecurity_key_lifecycle_managerMatch4.1

VendorProductVersionCPE
ibmsecurity_key_lifecycle_manager3.0cpe:2.3:a:ibm:security_key_lifecycle_manager:3.0:*:*:*:*:*:*:*
ibmsecurity_key_lifecycle_manager3.0.1cpe:2.3:a:ibm:security_key_lifecycle_manager:3.0.1:*:*:*:*:*:*:*
ibmsecurity_key_lifecycle_manager4.0cpe:2.3:a:ibm:security_key_lifecycle_manager:4.0:*:*:*:*:*:*:*
ibmsecurity_key_lifecycle_manager4.1cpe:2.3:a:ibm:security_key_lifecycle_manager:4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_key_lifecycle_manager	3.0	cpe:2.3:a:ibm:security_key_lifecycle_manager:3.0:::::::*
ibm	security_key_lifecycle_manager	3.0.1	cpe:2.3:a:ibm:security_key_lifecycle_manager:3.0.1:::::::*
ibm	security_key_lifecycle_manager	4.0	cpe:2.3:a:ibm:security_key_lifecycle_manager:4.0:::::::*
ibm	security_key_lifecycle_manager	4.1	cpe:2.3:a:ibm:security_key_lifecycle_manager:4.1:::::::*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

24.2%

JSON

Related for 45E7157B832402EBA6444DFDD7949682F43F6EC1E3BDA51140CDB662925CC390