March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory –Multiple IBM Security Verify Identity Manager Vulnerabilities
July 15, 2022Rewterz Threat Alert – Ramnit Malware – Active IOCs
July 16, 2022Rewterz Threat Advisory –Multiple IBM Security Verify Identity Manager Vulnerabilities
July 15, 2022Rewterz Threat Alert – Ramnit Malware – Active IOCs
July 16, 2022
Severity
Medium
Analysis Summary
CVE-2022-22477 CVSS:6.1
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2022-22473 CVSS:3.7
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system
Impact
- Cross-Site Scripting
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-22477
- CVE-2022-22473
Affected Vendors
IBM
Affected Products
- IBM WebSphere Application Server 8.5
- IBM WebSphere Application Server 9.0
- IBM WebSphere Application Server 7.0
- IBM WebSphere Application Server 8.0
Remediation
Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.