High Severity

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request smuggling and a buffer overflow (CVE-2022-22720, CVE-2022-22721)

Share this post:

IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP requst smuggling and a buffer overflow attack as described in the vulnerability details section. IBM i has addressed the CVEs by providing fixes to the Apache HTTP Server implementation as described in the Remediation/Fixes section.

CVE(s): CVE-2022-22720, CVE-2022-22721

Affected product(s) and affected version(s):

 

Affected Product(s) Version(s)
IBM i 7.5
IBM i 7.4
IBM i 7.3
IBM i 7.2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6594551
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221668
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221666

More stories

Security Bulletin: IBM QRadar DNS Analyzer App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-31129, CVE-2022-24785, CVE-2017-18214)

October 5, 2022 | High Severity

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the vulnerabilities. ...read more


Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2021-40690, CVE-2022-25647, XFID: 233967)

October 5, 2022 | High Severity

IBM Planning Analytics Workspace is affected by multiple vulnerabilities. Apache Santuario Security for Java provides a mechanism for XML-Signature & XML Encryption syntax and processing (CVE-2021-40690). Google Gson is an open-source Java library to serialize and deserialize Java objects to (and from) JSON (CVE-2022-25647). Maven okHTTP is an efficient HTTP & HTTP/2 client for Android and Java applications (XFID:233967). These vulnerabilities have been addressed. ...read more


Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2019-11777)

October 4, 2022 | High Severity

IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. ...read more