Lucene search

K
ibmIBM498BF4337F9182CBF5A6A9B7FA247BE22B32ECA0FE761B3BD42727138995AC41
HistoryApr 19, 2022 - 8:39 p.m.

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

2022-04-1920:39:55
www.ibm.com
3

0.003 Low

EPSS

Percentile

66.4%

Summary

IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) and Version(s) Affecting Product(s) and Version(s)

IBM WebSphere Hybrid Edition

  • 5.1
    |

IBM WebSphere Application Server Liberty

  • 21.0.0.12 - 22.0.0.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH44762 as described in Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708) .

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm websphere hybrid editioneq5.1

0.003 Low

EPSS

Percentile

66.4%

Related for 498BF4337F9182CBF5A6A9B7FA247BE22B32ECA0FE761B3BD42727138995AC41