Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450)

Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450)

There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty with the adminCenter-1.0 feature enabled that allows arbitrary code to be executed in the browser. This has been addressed.

Vulnerability Details

CVEID: CVE-2021-23450

DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216463 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH43148 or APAR PH43817. To determine if a feature is enabled for WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature.

[…]

Click here to view original web page at www.ibm.com

By Scott Treggiari|2022-03-16T15:51:08-04:00March 16th, 2022|Infrared360® Blog, IT Infrastructure, Middleware, WebSphere Application Server|

About the Author: Scott Treggiari

AVADA SOFTWARE AT A GLANCE

Avada Software’s flagship product, Infrared360®, is an IT management portal providing total administration, monitoring, testing, auditing, analytics dashboards, and self-service for cloud, on-prem, or hybrid environments. Get secure, collaborative management of elements across your IT stack like Kafka^®, IBM^® MQ, IBM^® ACE/IIB, ActiveMQ^®, WebSphere^®, JBoss^®, and Tomcat^®Application Servers, URLs, SOAP & REST-based web services, IBM^® DataPower^® and MQ Appliance.

Latest Insight

Tweets by AvadaSoftware

The Middleware Blog

IBM MQ Queue Management Best Practices
Gallery
IBM MQ Queue Management Best Practices

IBM MQ, Infrared360® Blog, IT Infrastructure, Middleware

John Ghilino2024-09-25T16:49:08-04:00June 7th, 2024|

IBM MQ Queue Management: Essential Tips for High Performance and Security

IBM MQ is a messaging middleware that facilitates the seamless integration of diverse applications by allowing them to exchange data and messages. As a critical component in modern IT environments, effective queue management in IBM MQ ensures the smooth and efficient flow of messages, preventing bottlenecks and ensuring high availability and reliability.

Proper queue management is essential for maintaining system […]

IBM MQ 9.4 Release: Key Features and Cloud Integration Benefits
Gallery
IBM MQ 9.4 Release: Key Features and Cloud Integration Benefits

Infrared360® Blog, IT Infrastructure, Middleware

John Ghilino2024-05-22T14:24:44-04:00May 22nd, 2024|

IBM MQ 9.4 Release: Key Features and Cloud Integration Benefits

Avada Software is pleased to share that IBM has announced the release of IBM MQ Version 9.4, which will be available on June 18, 2024.

This version introduces a range of enhancements designed to improve security, flexibility, and performance of IBM MQ. […]

How to Retrieve IBM® MQ Queue Status and Statistics
Gallery
How to Retrieve IBM® MQ Queue Status and Statistics

Infrared360® Blog, IT Infrastructure, Middleware

Peter D'Agosta2024-05-07T10:39:40-04:00May 1st, 2024|

Retrieving IBM^® MQ Queue Status and Statistics: A Simplified Approach

To retrieve the status and statistics of an IBM MQ Queue using command line tools, you’ll primarily use the runmqsc command line tool. This utility allows you to interact with a queue manager and gather various types of data about the queues it manages.

Below are the detailed steps required to check the status and statistics of an MQ Queue, but […]

ActiveMQ vs RabbitMQ: Choosing the Best Messaging Solution for your Enterprise
Gallery
ActiveMQ vs RabbitMQ: Choosing the Best Messaging Solution for your Enterprise

ActiveMQ, Infrared360® Blog, IT Infrastructure, Middleware

John Ghilino2024-04-24T16:19:27-04:00April 24th, 2024|

ActiveMQ^® vs RabbitMQ™: Unveiling the Best Messaging Solution for Your Enterprise Needs

Message queuing is pivotal in modern IT infrastructures, promoting asynchronous communication that boosts efficiency and reliability. These systems are essential for enterprise applications, ensuring robust data exchange even during system failures—key to maintaining data flow integrity.

Advancements in Message Queuing
Continual advancements have rendered message queuing crucial across various industries, such as finance and telecommunications, […]

Q1 2024: 6 Must-Read MQ Resources to Boost Your Expertise
Gallery
Q1 2024: 6 Must-Read MQ Resources to Boost Your Expertise

Infrared360® Blog, IT Infrastructure, Middleware, Modernization, News & Updates

John Ghilino2024-04-04T13:15:21-04:00April 4th, 2024|

Q1 2024: 6 Must-Read MQ Resources to Boost Your Expertise

We’ve rounded up our top IBM MQ and other related articles from Q1 2024. Dive into the latest MQ trends from IBM TechCon, discover hidden MQ optimization tips, learn about specialized middleware monitoring, level up your MQ testing with synthetic transactions, conquer the Dead Letter Queue, and finally, beat alert fatigue for good! IBM TechCon ’24: […]

IBM TechCon Recap: Red Hat OpenShift for Kubernetes and Hybrid Cloud Applications
Gallery
IBM TechCon Recap: Red Hat OpenShift for Kubernetes and Hybrid Cloud Applications

Infrared360® Blog, IT Infrastructure

John Ghilino2024-03-27T17:24:32-04:00March 27th, 2024|

IBM TechCon Session Recap: Red Hat OpenShift for Streamlining Kubernetes and Hybrid Cloud Applications This IBM TechCon recap explores the presentation “Develop, deploy and evolve with Hybrid Cloud” and its emphasis on Red Hat OpenShift as a solution designed to streamline Kubernetes adoption and application development in hybrid cloud environments. Speakers Siamak Sadeghianfar (Red Hat) and Shane O’Rourke (IBM) highlighted OpenShift’s focus on consistency, integrated tooling, and security […]

We are proud supporters of:

Avada Software. All Rights Reserved |This website may contain logos and trademarks of third parties. These are the property of their respective owners and are used on this site for informational purposes only. Avada Software does not claim any ownership or association with these trademarks or, except where explicitly stated, their respective organizations. | Privacy Policy

About the Author: Scott Treggiari

Simplifying Message Filtering and Selection for Accurate Test Scenarios with Infrared360

Critical ReDoS and SSRF ACE Vulnerabilities Addressed

Webinar: Maximize the value of your data by integrating IBM MQ and IBM Event Automation

Addressing Two IBM App Connect Enterprise Vulnerabilities

How the IBM MQ Kafka Connector Works

AVADA SOFTWARE AT A GLANCE

Latest Insight

The Middleware Blog

IBM MQ Queue Management Best Practices

IBM MQ 9.4 Release: Key Features and Cloud Integration Benefits

How to Retrieve IBM® MQ Queue Status and Statistics

ActiveMQ vs RabbitMQ: Choosing the Best Messaging Solution for your Enterprise

Q1 2024: 6 Must-Read MQ Resources to Boost Your Expertise

IBM TechCon Recap: Red Hat OpenShift for Kubernetes and Hybrid Cloud Applications

Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450)

About the Author: Scott Treggiari

Related Posts

AVADA SOFTWARE AT A GLANCE

Latest Insight

The Middleware Blog