Details of VAR-202207-0990

ID

VAR-202207-0990

CVE

CVE-2022-22477

TITLE

IBM WebSphere Application Server Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-55504 // CNNVD: CNNVD-202207-1286

DESCRIPTION

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605. Vendor exploits this vulnerability IBM X-Force ID: 225605 It is published as.Information may be obtained and information may be tampered with. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. An attacker could exploit this vulnerability to execute JavaScript code on the client side

Trust: 2.25

sources: NVD: CVE-2022-22477 // JVNDB: JVNDB-2022-015439 // CNVD: CNVD-2022-55504 // VULMON: CVE-2022-22477

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-55504

AFFECTED PRODUCTS

vendor:	ibm	model:	websphere application server	scope:	eq	version:	8.5	Trust: 2.4
vendor:	ibm	model:	websphere application server	scope:	eq	version:	9.0	Trust: 2.4
vendor:	ibm	model:	websphere application server	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2022-55504 // JVNDB: JVNDB-2022-015439 // NVD: CVE-2022-22477

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@us.ibm.com:	CVE-2022-22477
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-22477
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-22477
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-55504
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202207-1286
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2022-55504
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@us.ibm.com:	CVE-2022-22477
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2022-22477
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-55504 // JVNDB: JVNDB-2022-015439 // CNNVD: CNNVD-202207-1286 // NVD: CVE-2022-22477 // NVD: CVE-2022-22477

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-015439 // NVD: CVE-2022-22477

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-1286

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202207-1286

PATCH

title:	6603417 IBM X-Force Exchange	url:	https://www.ibm.com/support/pages/node/6603417	Trust: 0.8
title:	Patch for IBM WebSphere Application Server Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/341876	Trust: 0.6
title:	IBM WebSphere Application Server Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199930	Trust: 0.6

sources: CNVD: CNVD-2022-55504 // JVNDB: JVNDB-2022-015439 // CNNVD: CNNVD-202207-1286

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22477	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-015439	Trust: 0.8
db:	CNVD	id:	CNVD-2022-55504	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3484	Trust: 0.6
db:	CS-HELP	id:	SB2022071406	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-1286	Trust: 0.6
db:	VULMON	id:	CVE-2022-22477	Trust: 0.1

sources: CNVD: CNVD-2022-55504 // VULMON: CVE-2022-22477 // JVNDB: JVNDB-2022-015439 // CNNVD: CNNVD-202207-1286 // NVD: CVE-2022-22477

REFERENCES

url:	https://www.ibm.com/support/pages/node/6603417	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/225605	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22477	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-22477/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071406	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3484	Trust: 0.6
url:	https://vigilance.fr/vulnerability/websphere-as-cross-site-scripting-via-web-ui-38840	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-55504 // VULMON: CVE-2022-22477 // JVNDB: JVNDB-2022-015439 // CNNVD: CNNVD-202207-1286 // NVD: CVE-2022-22477

SOURCES

db:	CNVD	id:	CNVD-2022-55504
db:	VULMON	id:	CVE-2022-22477
db:	JVNDB	id:	JVNDB-2022-015439
db:	CNNVD	id:	CNNVD-202207-1286
db:	NVD	id:	CVE-2022-22477

LAST UPDATE DATE

2024-08-14T14:55:23.861000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-55504	date:	2022-08-04T00:00:00
db:	VULMON	id:	CVE-2022-22477	date:	2022-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-015439	date:	2023-09-27T03:42:00
db:	CNNVD	id:	CNNVD-202207-1286	date:	2022-07-21T00:00:00
db:	NVD	id:	CVE-2022-22477	date:	2022-07-20T10:38:10.110

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-55504	date:	2022-07-29T00:00:00
db:	VULMON	id:	CVE-2022-22477	date:	2022-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-015439	date:	2023-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202207-1286	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2022-22477	date:	2022-07-14T17:15:08.490