Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server January 2022 CPU that is bundled with IBM WebSphere Application Server Patterns

Share this post:

IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in October 2021. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published and is referenced in this security bulletin.

CVE(s): CVE-2022-21365 , CVE-2022-21360 , CVE-2022-21349 , CVE-2022-21341 , CVE-2022-21340 , CVE-2022-21305 , CVE-2022-21294 , CVE-2022-21293 , CVE-2022-21291 , CVE-2022-21248

Affected product(s) and affected version(s):

IBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 through 2.3.3.4.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6597261
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217659
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217654
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217643
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217636
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217635
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217600
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217589
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217588
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217586
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217543