High Severity

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing with authenticated user and ability to bypass security restrictions due to Eclipse Paho Java client (CVE-2019-11777, CVE-2022-22476)

Share this post:

IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing by an authenticated user (CVE-2022-22476) and the ability to bypass security restrictions due to Eclipse Paho Java client (CVE-2019-11777) as described in the vulnerability details section. IBM i has addressed the CVEs by providing fixes to IBM WebSphere Application Server Liberty for IBM i as described in the remediation/fixes section.

CVE(s): CVE-2022-22476, CVE-2019-11777

Affected product(s) and affected version(s):

 

Affected Product(s) Version(s)
IBM i 7.5
IBM i 7.4
IBM i 7.3
IBM i 7.2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6619843
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/225604
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/167068

More stories

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

November 30, 2022 | High Severity

IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Ansible

November 30, 2022 | High Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Ansible. ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in AWS SDK for Java

November 30, 2022 | High Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of AWS SDK for Java. ...read more