Critical Severity

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities

There are multiple vulnerabilities in the Expat library affecting the IBM HTTP Server used by IBM WebSphere Application Server (CVE-2021-45960, CVE-2022-22822, CVE-2022-23990, CVE-2022-22823, CVE-2022-23852, CVE-2022-22825, CVE-2021-46143, CVE-2022-22824, CVE-2022-22826, and CVE-2022-22827). These vulnerabilities have been addressed.

CVE(s): CVE-2021-45960, CVE-2022-22822, CVE-2022-23990, CVE-2022-22823, CVE-2022-23852, CVE-2022-22825, CVE-2021-46143, CVE-2022-22824, CVE-2022-22826, CVE-2022-22827

Affected product(s) and affected version(s):

These vulnerabilities affect the following versions and releases of the IBM HTTP Server (powered by Apache) component in all editions of IBM WebSphere Application Server and bundling products.

Affected Product(s) Version(s)
IBM HTTP Server 9.0
IBM HTTP Server 8.5
IBM HTTP Server 8.0
IBM HTTP Server 7.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6559296
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216473
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216908
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/218206
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216907
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/218007
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216905
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216875
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216906
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216904
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216901
