Medium Severity

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2022 CPU plus deferred CVE-2021-2163


There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For the complete list of vulnerabilities, refer to the “IBM Java SDK Security Bulletin” link in the References section. HP fixes are on a delayed schedule.

CVE(s): CVE-2021-2163

Affected product(s) and affected version(s):

Affected Product(s)                          Version(s)
IBM WebSphere Application Server Liberty     Continuous delivery
IBM WebSphere Application Server             9.0
IBM WebSphere Application Server             8.5

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6616953
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200292
