High Severity
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities
March 2, 2022
Categorized: High Severity
Share this post:
There are multiple vulnerabilities in the Expat library affecting the IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-25313, CVE-2022-25315, CVE-2022-25235,CVE-2022-25236). This has been addressed.
CVE(s): CVE-2022-25236, CVE-2022-25235, CVE-2022-25313, CVE-2022-25315
Affected product(s) and affected version(s):
This vulnerability affects the following version and release of IBM HTTP Server (powered by Apache) component in all editions of IBM WebSphere Application Server and bundling products.
| Affected Product(s) | Version(s) |
| IBM HTTP Server | 9.0 |
| IBM HTTP Server | 8.5 |
| IBM HTTP Server | 8.0 |
| IBM HTTP Server | 7.0 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6560814
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219782
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219947
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219945
Security Bulletin: Denial of Service vulnerability in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-0778)
June 29, 2022 | High Severity
OpenSSL vulnerabilities were disclosed on March 15, 2022 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect Backup-Archive Client for network connections with NetApp services, has addressed the applicable CVE. ...read more
Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus
June 29, 2022 | High Severity
There are multiple vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus. These vulnerabilities include elevation of privileges, obtaining sensitive information, denial of service, execution of arbitrary code on the system, bypassing security restrictions, and buffer overflow. ...read more
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to various attacks due to its use of redis (CVE-2021-32675, CVE-2021-32626, CVE-2021-32672)
June 29, 2022 | High Severity
Redis is used by several components in IBM Cloud Pak for Multicloud Management Monitoring as an in-memory shared cache database. It is not exposed outside the cluster. ...read more