Lucene search
HistorySep 28, 2022 - 4:15 p.m.
CVE-2022-35282
ibm
websphere
ssrf
vulnerability
sensitive data
CVSS3
6.5
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
17.7%
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.
Affected configurations
Node
ibmwebsphere_application_serverRange7.0.0.0–7.0.0.45
ORibmwebsphere_application_serverRange8.0.0.0–8.0.0.15
ORibmwebsphere_application_serverRange8.5.0.0–8.5.5.22
ORibmwebsphere_application_serverRange9.0.0.0–9.0.5.13
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | * | cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:* |
Related
cnvd
cnvd
IBM WebSphere Application Server Code Issue Vulnerability (CNVD-2022-66768)
2022-09-29 00:00:00
ibm
ibm
cve
cve
CVE-2022-35282
2022-09-28 16:15:11
nessus
nessus
IBM WebSphere Application SSRF (6824179)
2022-09-30 00:00:00
prion
prion
Server side request forgery (ssrf)
2022-09-28 16:15:00
cvelist
cvelist
CVE-2022-35282
2022-09-28 15:55:14
CVSS3
6.5
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
17.7%
Related for NVD:CVE-2022-35282