CVE-2022-22393: 
IBM WebSphere App Server vulnerability analysis and mitigation

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 22.0.0.5, with the adminCenter-1.0 feature configured, is affected by an information disclosure vulnerability identified as CVE-2022-22393. The vulnerability was disclosed on May 13, 2022, and allows authenticated users to obtain status information about HTTP/HTTPS ports accessible by the application server (IBM Security).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. However, IBM Corporation assessed it with a lower CVSS v3.0 Base Score of 3.1 (LOW) with vector string CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N. The vulnerability specifically affects systems where the adminCenter-1.0 feature is enabled (NVD Database).

When exploited, this vulnerability allows authenticated users to obtain information about the status of HTTP/HTTPS ports that are accessible by the application server. This could potentially lead to unauthorized information disclosure about the server's network configuration (IBM Security).

IBM recommends addressing the vulnerability by either applying the interim fix PH45086 or upgrading to Liberty Fix Pack 22.0.0.6 or later. Before applying fixes, users should verify if the adminCenter-1.0 feature is enabled in their Liberty installation. No workarounds are available for this vulnerability (IBM Security).