IBM WebSphere Application Server Vulnerability Addressed

View Larger Image

An IBM WebSphere Application Server Vulnerability has been addressed.

CVE-2022-22476

On July 8, 2022, The National Vulnerability Database published that IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. It was given a score of 8.8 (High).

See IBM X-Force ID: 225604

On July 27 IBM published the following recommendations and fixes:

For IBM WebSphere Application Server Liberty 17.0.0.3 – 22.0.0.7 using the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature(s):
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH47867
–OR–
· Apply Liberty Fix Pack 22.0.0.8 or later (targeted availability 3Q2022).
Additional interim fixes may be available and linked off the interim fix download page.

It is strongly recommended that you address this IBM WebSphere Application Server Vulnerability right away. The fix pack that contains the APAR PH47867 is currently available.

In some cases, Liberty uses features that are not listed in the server.xml file. If you’re not sure whether your Liberty server has one of the specified security features, the only way to be certain is to check the CWWKF0012I message in the console.log, messages.log, or trace log from the Liberty server.

Workarounds and Mitigations

None

Articles & Papers

Overcome the Challenges of Moving Core Banking and Transaction Processing to the Cloud

Secure the Edge with IBM^® DataPower^® Gateway Appliance

5 Challenges & Solutions When Modernizing Your Middleware Infrastructure

Proactive vs. Forensic – Middleware – Health Monitoring

Seven Middleware Challenges You Must Overcome Before Your Cloud Migration

Monitoring Widely Distributed Environments Without Losing Focus

eBook: Inside IBM MQ Deployment Choices

Contain Costs and Mitigate Risks of Transactions on the Middleware Superhighway

Case Studies

Parker Hannifin Improves Efficiencies Across Business Units with Infrared360® and Trusted Spaces™

Alight Implements Secure, Holistic Self-Service Messaging

Sompo International Builds Business Platform Optimization with SOAP and REST Monitoring

The power of a healthy network: Visiting Nurse Service of New York harnesses IBM, partner technology to streamline patient care.

Video

The Business Case for Modernizing Your MQ Estate Today

Improving Productivity Through Smart, Safe Self-Service

Managing Middleware in Hybrid Cloud

Integrating Data in the Cloud with IBM App Connect

Transforming Your IBM MQ Estate Using Containers

Integration Modernization Lessons Learned

IBM MQ: Enterprise-wide Integration for Modern Distributed Environments

Understanding External Influences on Your Integration Strategy and Direction

Analyst Reports

Peer Reviews for Infrared360®

Avada Software named one of Most Promising IBM Solutions Providers for 2022

A Systems Integrator and Services Provider Cuts Costs, Creates New Revenue Streams While Improving Service Delivery

Infrared360 named one of CIOReview’s 20 Most Promising APM Solution Providers

Analyst Report: Managing an IBM MQ Environment at USBank

CIO Feedback/Data Sheet

By Scott Treggiari|2022-07-27T22:43:29+00:00July 27th, 2022|IBM Community, Infrared360® Blog, IT Infrastructure Monitoring & Management, Middleware, Security, Uncategorized, WebSphere Application Server|0 Comments

About the Author: Scott Treggiari

AVADA SOFTWARE AT A GLANCE

Avada Software’s flagship product, Infrared360®, is an IT management portal providing total administration, monitoring, testing, auditing, analytics dashboards, and self-service for cloud, on-prem, or hybrid environments. Get secure, collaborative management of elements across your IT stack like Kafka^®, IBM MQ™, IBM IIB™, TIBCO EMS™, WebSphere™, JBoss™, & Apache™, URLs, and SOAP & REST-based web services.

Latest Insight

Tweets by AvadaSoftware

Blog Posts

Third Thursdays: A Conversation Around IBM Products – MQ Ansible – A Live Technical Q&A

Third Thursdays: A Conversation Around IBM Products - MQ Ansible - A Live Technical Q&A Are you tired of manually deploying IBM MQ on each of your virtual machines (VMs)? Do you find it challenging to deal with [...]

MQ Admin Tools News: Fix for MQ going into unresponsive state.

MQ Admin Tool News: Fix for QM to go into unresponsive state. Back in March of 2022, IBM acknowledged an issue when upgrading to MQ 9.2.x CD. The problem, it seems, is that the the queue manager intermittently hangs. [...]

IBM Champions Class of 2023: Our Own Peter D’Agosta Named

We would like to congratulate our very own Peter D’Agosta for being named to the IBM Champions Class of 2023. From IBM: "IBM Champions demonstrate practical expertise in IBM technologies while providing extraordinary support and advocacy in IBM digital [...]

News From Your IBM MQ Cloud Integration Team from Our Friends at IDI

News From Your IBM MQ Cloud Integration Team at Information Design Inc. By: Nick Felicione Information Design, Inc What’s new in 2023? We are pleased to announce that IBM is making changes in the way they deploy IBM MQ updates. [...]

We are proud supporters of:

© 2020 Avada Software. All Rights Reserved | Privacy Policy | Support Login