Vulnerability Name: CVE-2022-22476 (CCN-225604)

Assigned: 2022-07-07
Published: 2022-07-07
Updated: 2022-08-03
Summary: IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.
CVSS v3 Severity: 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
5.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
4.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-290
Vulnerability Consequences: Gain Privileges
References:

Source: MITRE
Type: CNA
CVE-2022-22476

Source: XF
Type: UNKNOWN
ibm-websphere-cve202222476-spoofing(225604)

Source: XF
Type: VDB Entry, Vendor Advisory
ibm-websphere-cve202222476-spoofing (225604)

Source: CCN
Type: IBM Security Bulletin 6602015 (WebSphere Application Server Liberty)
IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.ibm.com/support/pages/node/6602015

Source: CCN
Type: IBM Security Bulletin 6611057 (Cloud)
Liberty for Java for IBM Cloud is vulnerable to Identity Spoofing (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6612821 (Security Verify Governance)
Security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-22475, CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6618013 (Cloud Pak for Automation)
Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2022

Source: CCN
Type: IBM Security Bulletin 6618333 (SPSS Analytic Server)
IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6618351 (Cloud Application Business Insights)
Vulnerabilities in Java and IBM WebSphere Application Server Liberty affect IBM Cloud Application Business Insights - CVE-2022-21496, CVE-2022-21434, CVE-2022-21443, CVE-2022-22475, CVE-2022-22476, CVE-2022-21540 & CVE-2022-21541

Source: CCN
Type: IBM Security Bulletin 6618613 (Rational Asset Analyzer)
Rational Asset Analyzer is vulnerable to identity spoofing by an authenticated user using a specially crafted request (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6618771 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak prior to 21.0.4

Source: CCN
Type: IBM Security Bulletin 6619289 (SPSS Collaboration and Deployment Services)
Multiple vulnerabilities in WebSphere Liberty affect SPSS Collaboration and Deployment Services

Source: CCN
Type: IBM Security Bulletin 6619843 (i)
IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing with authenticated user and ability to bypass security restrictions due to Eclipse Paho Java client (CVE-2019-11777, CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6619953 (WIoTP MessageGateway)
Vulnerabilities in openSSL and WebSphere Liberty affect IBM WIoTP MessageGateway (CVE-2022-22476 CVE-2019-11777 CVE-2022-22475 CVE-2022-2097 CVE-2022-2068 CVE-2022-1292)

Source: CCN
Type: IBM Security Bulletin 6619983 (Log Analysis)
Identity Spoofing vulnerability in IBM WebSphere Application Server Liberty affects IBM Operations Analytics - Log Analysis (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6620251 (Tivoli Application Dependency Discovery Manager)
Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to Identity Spoofing (CVE-2022-22475 CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6620903 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6620969 (Watson Explorer)
Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer (CVE-2021-22476, CVE-2022-34165)

Source: CCN
Type: IBM Security Bulletin 6621141 (Spectrum Protect Operations Center)
Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6622033 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in Cloud Pak for Watson AIOps

Source: CCN
Type: IBM Security Bulletin 6695793 (TXSeries for Multiplatforms)
An identity spoofing vulnerability in IBM WebSphere Application Server Liberty affects TXSeries for Multiplatforms

Source: CCN
Type: IBM Security Bulletin 6695817 (CICS TX Standard)
IBM CICS TX Standard is vulnerable to identity spoofing due to IBM WebSphere Application Server Liberty (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6695827 (CICS TX Advanced)
IBM CICS TX Advanced is vulnerable to identity spoofing due to IBM WebSphere Application Server Liberty (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6823727 (Spectrum Protect Backup-Archive Client)
Vulnerabilities in IBM Java Runtime and IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments

Source: CCN
Type: IBM Security Bulletin 6823807 (MQ Appliance)
IBM MQ Appliance is vulnerable to identity spoofing (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6824133 (PowerVM NovaLink)
IBM PowerVM NovaLink is vulnerable because IBM WebSphere Application Server Liberty is vulnerable to identity spoofing by an authenticated user using a specially crafted request.

Source: CCN
Type: IBM Security Bulletin 6825189 (Match 360)
CP4D Match 360 is impacted due to vulnerability in IBM WebSphere Application Server Liberty due to Identity Spoofing (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6826615 (Tivoli Netcool/Impact)
A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6827897 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to identity spoofing due to use of IBM WebSphere Application Server Liberty (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6829073 (Cloud APM)
IBM Performance Management is affected by multiple vulnerabilities in IBM Websphere Application Server (CVE-2021-39031, CVE-2022-22393, and CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6830587 (MQ Operator)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from containerd, gnupg2, runc and IBM WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6832104 (MQ)
IBM MQ is affected by an identity spoofing issue in IBM WebSphere Application Server Liberty (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6832462 (Watson Assistant for Cloud Pak for data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to WebSphere Application Server Liberty identity spoofing (CVE-2022-24476)

Source: CCN
Type: IBM Security Bulletin 6837189 (CICS Transaction Gateway)
An identity spoofing vulnerability in IBM WebSphere Application Server Liberty (CVE-2022-22476) affects CICS Transaction Gateway

Source: CCN
Type: IBM Security Bulletin 6842115 (Operations Analytics Predictive Insights)
A vulnerability in IBM WebSphere Application Server Liberty profile affects IBM Operations Analytics Predictive Insights (CVE-2022-22393 CVE-2022-22476 CVE-2022-22475)

Source: CCN
Type: IBM Security Bulletin 6844441 (Virtualization Engine TS7700 3957-VEC)
IBM Virtualization Engine TS7700 is vulnerable to multiple threats due to use of IBM WebSphere Application Server Liberty (CVE-2022-34165, CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6844721 (Spectrum Scale)
Multiple vulnerabilities in IBM WebSphere Application Server Liberty may affect IBM Spectrum Scale

Source: CCN
Type: IBM Security Bulletin 6847275 (Elastic Storage System)
A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System

Source: CCN
Type: IBM Security Bulletin 6847315 (Elastic Storage Server)
A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage Server

Source: CCN
Type: IBM Security Bulletin 6847541 (Spectrum Control)
IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM WebSphere Application Server Liberty and FasterXML jackson-databind

Source: CCN
Type: IBM Security Bulletin 6847789 (Copy Services Manager)
IBM Copy Services Manager is vulnerable to remote attack vulnerabilities due to IBM WebSphere Application Server Liberty vulnerabilities (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6848225 (Netcool Operations Insight)
Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6953617 (Security Verify Access)
Security Vulnerabilities have been identified in the IBM WebSphere Liberty product as shipped with the IBM Security Verify Access products.

Source: CCN
Type: IBM Security Bulletin 6953649 (InfoSphere Global Name Management)
Vulnerabilities in IBM WebSphere Liberty affect IBM InfoSphere Global Name Management (CVE-2022-22475, CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6954411 (CICS Transaction Gateway)
Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 affects CICS Transaction Gateway

Source: CCN
Type: IBM Security Bulletin 6956866 (B2B Advanced Communications)
IBM B2B Advanced Communications is vulnerable to identity spoofing due to IBM WebSphere Application Server Liberty (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6959941 (Financial Transaction Manager)
IBM Financial Transaction Manager is impacted by a vulnerability in WebSphere Liberty Server (CVE-2022-22476)

Source: CCN
Type: IBM Security Bulletin 6997581 (Security Directory Server)
Multiple Security Vulnerabilities have been fixed in the IBM Directory Server and IBM Directory Suite products (CVE-2022-22476, CVE-2022-34165)

Source: CCN
Type: IBM Security Bulletin 7011449 (Maximo Application Suite)
There are several vulnerabilities in Liberty used by the IBM Maximo Manage application in the IBM Maximo Application Suite

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:* (Version >= 17.0.0.3 and < 22.0.0.8)
  • OR cpe:/a:ibm:open_liberty:*:*:*:*:*:*:*:* (Version >= 17.0.0.3 and < 22.0.0.8)

Configuration CCN 1:
  • cpe:/a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*
  • AND
  • cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:txseries:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_global_name_management:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_backup-archive_client:8.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_for_virtual_environments:8.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:txseries:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_for_space_management:8.1.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_backup-archive_client:8.1.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:5.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_system:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_system:6.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_analytic_server:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_for_space_management:8.1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:5.1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:multi-enterprise_integration_gateway:1.0.0.1:*:*:*:*:*:*:*
