CVE-2022-43917 MEDIUM

CVE-2022-43917: IBM WebSphere Application Server information disclosure

Vendor IBM
Product WebSphere Application Server
Weakness CWE-327 · Broken crypto
Published January 25, 2023
Last update March 31, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.

Key dates

02 Disclosure timeline

January 25, 2023 CVE published
March 31, 2025 Record updated