13294 matches found
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server October 2022 CPU that is bundled with IBM WebSphere Application Server Patterns
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-23477)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server Liberty used by IBM Cloud Pak for Watson AIOps is vulnerable to HTTP header injection (CVE-2022-34165)
Summary A vulnerability was identified within the IBM WebSphere Application Server Liberty library that is used by IBM Cloud Pak for Watson AIOps. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2023-23477)
Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...
IBM WebSphere Application Server Code Injection Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A code injection vulnerability exists in IBM WebSphere...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-23477)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: HTTP header injection vulnerability in Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2022-34165)
Summary Watson Knowledge Catalog for IBM Cloud Pak for Data has an internal dependency on IBM WebSphere Application Server Liberty. Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to an HTTP header injection. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-34165...
Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearCase (CVE-2022-21626)
Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022 - Includes Oracle October 2022 CPU Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION:...
Security Bulletin: Due to the use of WebSphere Application Server Liberty, IBM Workload Scheduler is vulnerable to HTTP header injection
Summary WebSphere Application Server Liberty is vulnerable to HTTP header injection CVE-2022-34165. This has been addressed. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 throug...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in WebSphere Application Server Liberty
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
CVE-2022-43917
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045...
Code injection
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045...
IBM WebSphere Application Server Cryptographic Issue Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server versions 8.5 and 9.0 ha...
Security Bulletin: Vulnerabilities in the protobuf-java may affect IBM Robotic Process Automation and could result in a denial of service (CVE-2022-3171, CVE-2022-3509)
Summary There is a vulnerability in protobuf-java used by IBM WebSphere Liberty which may result in a denial of service. IBM Robotic Process Automation for Cloud Pak uses IBM WebSphere Liberty as part of its User Management Services. This bulletin identifies the security fixes to apply to addres...
CVE-2022-43917
CVE-2022-43917 affects IBM WebSphere Application Server traditional container (versions 8.5 and 9.0). Root cause: use of weaker than expected cryptographic keys in the containerized traditional version, enabling potential information disclosure. Impact per sources: confidentiality may be compromi...
CVE-2022-43917 IBM WebSphere Application Server information disclosure
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2022-40750)
Summary IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and is vulnerable to cross-site scripting in the Admin Console. Required fixes for affected WebSphere Application Server have been published in the security bulletin links below. Vulnerability...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to denial of service due to Google protobuf-java (CVE-2022-3509, CVE-2022-3171)
Summary There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. The following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack; it has been addressed in this bulletin:...