CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
19.6%
There is a vulnerability which is related to identity spoofing in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVE.
CVEID:CVE-2022-22475
**DESCRIPTION:**IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225603 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM CICS Transaction Gateway | 9.1 |
IBM CICS Transaction Gateway | 9.2 |
IBM CICS Transaction Gateway | 9.3 |
Apply the applicable CICS Transaction Gateway APAR below.
Product
|
VRMF
|
APAR
|
Remediation / First Fix
—|—|—|—
CICS Transaction Gateway for Multiplatforms| 9.1.0.3| PH51694| All Platforms Link
CICS Transaction Gateway for Multiplatforms| 9.2.0.2| PH51694|
CICS Transaction Gateway for Multiplatforms| 9.3.0.0| PH51694|
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cics_transaction_gateway | 9.1 | cpe:2.3:a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:* |
ibm | cics_transaction_gateway | 9.2 | cpe:2.3:a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:* |
ibm | cics_transaction_gateway | 9.3 | cpe:2.3:a:ibm:cics_transaction_gateway:9.3:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
19.6%