The host is installed with WebSphere Application Server Network Deployment 8.5.x through 8.5.5.3 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to handle OpenID and OpenID Connect cookies. Successful exploitation could allow attackers to obtain sensitive information.