
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 affects CICS Transaction Gateway

Published: 2023-01-09 16:46:35
Source: www.ibm.com
Tags: ibm websphere, open liberty, cics transaction gateway, identity spoofing, cve-2022-22475, vulnerability, apar, remediation

CVSS2

Score: 4
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

Score: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Score: 0.001
Percentile: 19.6%

Summary

IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5, as used by CICS Transaction Gateway, contain an identity spoofing vulnerability. CICS Transaction Gateway has addressed the applicable CVE.

Vulnerability Details

**CVEID:** CVE-2022-22475
**DESCRIPTION:** IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
CVSS Base score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/225603 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L)

Affected Products and Versions

Affected Product(s)| Version(s)
---|---
IBM CICS Transaction Gateway| 9.1
IBM CICS Transaction Gateway| 9.2
IBM CICS Transaction Gateway| 9.3

Remediation/Fixes

Apply the applicable CICS Transaction Gateway APAR below.

Product| VRMF| APAR| Remediation / First Fix
---|---|---|---
CICS Transaction Gateway for Multiplatforms| 9.1.0.3| PH51694| All Platforms Link
CICS Transaction Gateway for Multiplatforms| 9.2.0.2| PH51694| All Platforms Link
CICS Transaction Gateway for Multiplatforms| 9.3.0.0| PH51694| AIX Link, pLinux Link, Windows Link, iLinux Link, zLinux Link, x86 Container Link, 390x Container Link

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm cics_transaction_gateway Match 9.1 OR ibm cics_transaction_gateway Match 9.2 OR ibm cics_transaction_gateway Match 9.3

Vendor| Product| Version| CPE
---|---|---|---
ibm| cics_transaction_gateway| 9.1| cpe:2.3:a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*
ibm| cics_transaction_gateway| 9.2| cpe:2.3:a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:*
ibm| cics_transaction_gateway| 9.3| cpe:2.3:a:ibm:cics_transaction_gateway:9.3:*:*:*:*:*:*:*
