Vulnerability Details CVE-2022-39161
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.8%
CVSS Severity
CVSS v3 Score 4.8
References
Products affected by CVE-2022-39161
-
cpe:2.3:a:ibm:websphere_application_server:-
-
cpe:2.3:a:ibm:websphere_application_server:7.0
-
cpe:2.3:a:ibm:websphere_application_server:8.0
-
cpe:2.3:a:ibm:websphere_application_server:8.5
-
cpe:2.3:a:ibm:websphere_application_server:9.0