
Rewterz Threat Advisory – IBM Sterling External Authentication and WebSphere Application Server Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversal because it does not properly validate REST API configuration data. An authorized user could import invalid data which could then be used in an attack.

CVE-2021-39038

IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the victim's clicks (clickjacking). By persuading a victim to visit a malicious website, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
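Clickjacking is mitigated at the HTTP layer by the X-Frame-Options header or, preferably, the Content-Security-Policy frame-ancestors directive. The following added example (written for this advisory, not IBM's or Rewterz's code) classifies a response's framing protection so that an administrator can verify a WebSphere deployment after patching; the header sets it inspects are constructed samples, and it assumes a single CSP header per response.

```python
"""Classify a response's anti-clickjacking protection from its headers.

Added example, not from the advisory or from IBM. It applies the CSP
rule that a frame-ancestors directive, when present, takes precedence
over X-Frame-Options.
"""


def _csp_frame_ancestors(csp):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.strip("'").lower() for t in tokens[1:]]
    return None


def framing_protection(headers):
    """Return 'strong', 'partial', or 'none' for a dict of response headers.

    strong  : framing denied, or restricted to self / a fixed origin list
    partial : a header is present but permissive, obsolete or unrecognised
    none    : no framing-control header at all
    """
    lower = {k.lower(): v for k, v in headers.items()}
    sources = _csp_frame_ancestors(lower.get("content-security-policy", ""))
    if sources is not None:
        # frame-ancestors overrides X-Frame-Options. A wildcard, or an empty
        # list, is flagged for review rather than accepted as protection.
        return "partial" if (not sources or "*" in sources) else "strong"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "strong"
    if xfo:
        return "partial"  # e.g. obsolete ALLOW-FROM, which current browsers ignore
    return "none"


# Constructed sample responses (not captured from any real WebSphere host).
SAMPLE_RESPONSES = {
    "xfo-deny": {"X-Frame-Options": "DENY"},
    "csp-self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp-wins": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
    "obsolete": {"x-frame-options": "ALLOW-FROM https://example.com"},
    "no-header": {"Content-Type": "text/html"},
}


def audit(responses):
    """Map each named response to its framing-protection verdict."""
    return {name: framing_protection(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{name:10} -> {verdict}")
```

Note that "csp-wins" is reported as partial even though X-Frame-Options says DENY, because the permissive frame-ancestors directive is what the browser actually enforces.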

Impact

  • Unauthorized Access

Indicators of Compromise

CVE

  • CVE-2021-39038
  • CVE-2022-22349

Affected Vendors

IBM

Affected Products

  • IBM Sterling External Authentication Server 6.0.3.0
  • IBM Sterling External Authentication Server 6.0.2.0
  • IBM Sterling External Authentication Server 3.4.3.2
  • IBM WebSphere Application Server 9.0
  • IBM WebSphere Application Server Liberty 17.0.0.3
  • IBM WebSphere Application Server Liberty 22.0.0.2

Remediation

Refer to IBM Security Bulletin for patch, upgrade, or suggested workaround information.

CVE-2022-22349

https://www.ibm.com/support/pages/node/6558928

CVE-2021-39038

https://www.ibm.com/support/pages/node/6559044