SSL Server Hostname Spoofing Vulnerability in IBM WebSphere Application Server with Ajax Proxy Web Application

SSL Server Hostname Spoofing Vulnerability in IBM WebSphere Application Server with Ajax Proxy Web Application

CVE-2022-22365 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.

Learn more about our Cis Benchmark Audit For Ibm Websphere.