Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450)

Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450)

There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty with the adminCenter-1.0 feature enabled that allows arbitrary code to be executed in the browser. This has been addressed.

Vulnerability Details

CVEID: CVE-2021-23450

DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216463 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH43148 or APAR PH43817. To determine if a feature is enabled for WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature.

[…]

Click here to view original web page at www.ibm.com

By Scott Treggiari|2022-03-16T15:51:08-04:00March 16th, 2022|Infrared360® Blog, IT Infrastructure, Middleware, WebSphere Application Server|

About the Author: Scott Treggiari

AVADA SOFTWARE AT A GLANCE

Avada Software’s flagship product, Infrared360®, is an IT management portal providing total administration, monitoring, testing, auditing, analytics dashboards, and self-service for cloud, on-prem, or hybrid environments. Get secure, collaborative management of elements across your IT stack like Kafka^®, IBM^® MQ, IBM^® ACE/IIB, ActiveMQ^®, WebSphere^®, JBoss^®, and Tomcat^®Application Servers, URLs, SOAP & REST-based web services, IBM^® DataPower^® and MQ Appliance.

Latest Insight

Tweets by AvadaSoftware

The Middleware Blog

What is Observability? Your Guide to Understanding System Behavior
Gallery
What is Observability? Your Guide to Understanding System Behavior

Infrared360® Blog, IT Infrastructure, Middleware

John Ghilino2024-04-19T14:47:04-04:00April 17th, 2024|

What is Observability and Why Does it Matter for Your Systems? Have you ever spent hours struggling to pinpoint the root cause of a mysterious system outage? Does it frustrate you when applications suddenly slow to a crawl without a clear reason? These frustrating scenarios are all too common.

That’s where observability proves invaluable. It enables you to rapidly diagnose problems at their source and proactively optimize performance, enhancing system stability […]

Q1 2024: 6 Must-Read MQ Resources to Boost Your Expertise
Gallery
Q1 2024: 6 Must-Read MQ Resources to Boost Your Expertise

Infrared360® Blog, IT Infrastructure, Middleware, Modernization, News & Updates

John Ghilino2024-04-04T13:15:21-04:00April 4th, 2024|

Q1 2024: 6 Must-Read MQ Resources to Boost Your Expertise

We’ve rounded up our top IBM MQ and other related articles from Q1 2024. Dive into the latest MQ trends from IBM TechCon, discover hidden MQ optimization tips, learn about specialized middleware monitoring, level up your MQ testing with synthetic transactions, conquer the Dead Letter Queue, and finally, beat alert fatigue for good! IBM TechCon ’24: […]

IBM TechCon Recap: Red Hat OpenShift for Kubernetes and Hybrid Cloud Applications
Gallery
IBM TechCon Recap: Red Hat OpenShift for Kubernetes and Hybrid Cloud Applications

Infrared360® Blog, IT Infrastructure

John Ghilino2024-03-27T17:24:32-04:00March 27th, 2024|

IBM TechCon Session Recap: Red Hat OpenShift for Streamlining Kubernetes and Hybrid Cloud Applications This IBM TechCon recap explores the presentation “Develop, deploy and evolve with Hybrid Cloud” and its emphasis on Red Hat OpenShift as a solution designed to streamline Kubernetes adoption and application development in hybrid cloud environments. Speakers Siamak Sadeghianfar (Red Hat) and Shane O’Rourke (IBM) highlighted OpenShift’s focus on consistency, integrated tooling, and security […]

IBM TechCon 2024: “IBM MQ and Event Automation – Better Together” – Session Recap
Gallery
IBM TechCon 2024: “IBM MQ and Event Automation – Better Together” – Session Recap

Infrared360® Blog, IT Infrastructure

John Ghilino2024-03-25T15:04:02-04:00March 21st, 2024|

IBM TechCon 2024 Session Recap: “IBM MQ and Event Automation – Better Together”

IBM® MQ is a robust messaging solution known for its reliability, while IBM Event Automation simplifies the creation of event-driven applications. In their IBM TechCon 2024 session, David Ware, CTO of IBM MQ and Event Automation, IBM and Matt Sunley, Program Director for Event Automation, IBM explained how integrating these technologies benefits businesses. They gain […]

IBM TechCon 2024 Recap: IBM MQ and Event Automation – What’s New and Trends
Gallery
IBM TechCon 2024 Recap: IBM MQ and Event Automation – What’s New and Trends

Infrared360® Blog, IT Infrastructure

John Ghilino2024-04-03T15:43:54-04:00March 20th, 2024|

IBM TechCon 2024 Session Recap: IBM MQ and Event Automation – What’s New and Trends

This recap dives into the latest advancements in IBM MQ and Event Automation, unveiled at IBM TechCon 2024.

IBM MQ: Still a Powerful Messaging Foundation

The session kicked off with David Ware showcasing how IBM MQ, despite the rise of real-time data, remains a critical foundation for businesses. David […]

Middleware Observability vs. General IT Observability
Gallery
Middleware Observability vs. General IT Observability

Infrared360® Blog, IT Infrastructure

Peter D'Agosta2024-03-15T11:47:07-04:00March 15th, 2024|

Table of Contents

Middleware Observability vs. General IT Observability – Understanding the Nuances

What’s the difference between Middleware observability and other IT observability?

IT operations and site reliability engineering (SRE) teams use infrastructure observability tools like Datadog and SolarWinds to understand the current state of their infrastructure, and the applications that run on them, at all times. For most companies, this means servers, […]

We are proud supporters of: