An IBM WebSphere Application Server vulnerability (CVE-2022-22476) has been addressed.
On July 8, 2022, the National Vulnerability Database published that IBM WebSphere Application Server Liberty 188.8.131.52 through 184.108.40.206 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. It was given a score of 8.8 (High).
On July 27, IBM published the following recommendations and fixes:
For IBM WebSphere Application Server Liberty 220.127.116.11 – 18.104.22.168 using the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature(s):
· Upgrade to the minimal fix pack levels required by the interim fix, and then apply Interim Fix PH47867.
· Apply Liberty Fix Pack 22.214.171.124 or later (targeted availability 3Q2022).
Additional interim fixes may be available and linked off the interim fix download page.
It is strongly recommended that you address this IBM WebSphere Application Server Vulnerability right away. The fix pack that contains the APAR PH47867 is currently available.
In some cases, Liberty uses features that are not listed in the server.xml file. If you’re not sure whether your Liberty server has one of the specified security features, the only way to be certain is to check the CWWKF0012I message in the console.log, messages.log, or trace log from the Liberty server.
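The log check described above can be scripted. The following is an added example, not code from IBM or from the original post: it collects the feature list from every CWWKF0012I line in a Liberty log and reports any of the four appSecurity versions named in the advisory. The function names and the sample log line are constructed for illustration, and the message layout (a bracketed, comma-separated feature list after the message ID) is assumed from typical Liberty log output.

```python
import re
import sys
from pathlib import Path

# Feature versions named in the advisory text above (compared case-insensitively).
AFFECTED = {"appsecurity-1.0", "appsecurity-2.0", "appsecurity-3.0", "appsecurity-4.0"}

# The first [...] group *after* the message ID is the feature list; anchoring on
# the ID skips the bracketed timestamp or log-level prefix earlier on the line.
FEATURE_MSG = re.compile(r"CWWKF0012I:.*?\[([^\]]*)\]")

# Constructed sample line in messages.log style (not taken from a real server).
SAMPLE_LOG = (
    "[7/27/22 10:15:02:123 EDT] 00000021 com.ibm.ws.kernel.feature.internal.FeatureManager"
    " A CWWKF0012I: The server installed the following features:"
    " [appSecurity-3.0, jaxrs-2.1, servlet-4.0, ssl-1.0].\n"
)


def installed_features(log_text):
    """Union of the features reported by every CWWKF0012I line in the log."""
    features = set()
    for line in log_text.splitlines():
        match = FEATURE_MSG.search(line)
        if match:
            features.update(f.strip() for f in match.group(1).split(",") if f.strip())
    return features


def affected_features(log_text):
    """Sorted list of installed features that the advisory lists as affected."""
    return sorted(f for f in installed_features(log_text) if f.lower() in AFFECTED)


if __name__ == "__main__":
    # Usage: python check_features.py <path to console.log or messages.log> ...
    status = 0
    for path in sys.argv[1:]:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
        hits = affected_features(text)
        if hits:
            status = 1
        print(f"{path}: {', '.join(hits) if hits else 'no affected feature reported'}")
    sys.exit(status)
```

A log with no CWWKF0012I line at all (for example, one rotated after startup) also yields an empty result, so confirm the startup portion of the log is present before treating a server as unaffected.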