6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
39.9%
IBM WebSphere Application Server Liberty and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. This affects The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty versions 22.0.0.7 and prior.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
ELM | 7.0.2 |
ELM | 7.0.1 |
Versions Affected: 17.0.0.3 - 23.0.0.5
If any of the mentioned affected product is deployed on one of the above versions, Please follow the instruction given in the following article.
Link : <https://www.ibm.com/support/pages/node/6602015>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm engineering lifecycle management base | eq | 7.0.1 | |
ibm engineering lifecycle management base | eq | 7.0.2 |
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
39.9%