Asset resource type (WebSphere Application Server Liberty server)
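Asset resource types describe servers and runtimes that are managed and monitored by WebSphere Automation. The examples below show the event payloads for a created asset and an updated asset; the update event carries both the current "asset" object and its "originalVersion". Each entry in "unresolvedVulnerabilities" has its own "assetId", which in these examples is either the server's "id" or the server's "jdkId". The entries attributed to the JDK list 8.0.x remediation versions, while the entries attributed to the server list 21.0.0.x versions, so a consumer should match each finding and its "startVersion"/"endVersion"/"fixPack" values against the asset named by "assetId" rather than against the enclosing server's "version".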
Example asset created event (WebSphere Application Server Liberty server)
{
"type" : "CREATE",
"asset" : {
"created" : "2023-06-12T10:14:06Z",
"createdBy" : "server-registration-processor",
"id" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"name" : "test-server1@neoteric1.example.com",
"updated" : "2023-06-12T10:14:06Z",
"updatedBy" : "server-registration-processor",
"apars" : [ ],
"hostName" : "neoteric1.example.com",
"operatingSystem" : "Linux",
"operatingSystemVersion" : "3.10.0-1160.90.1.el7.x86_64",
"productName" : "WebSphere Application Server Liberty",
"type" : "liberty",
"unresolvedVulnerabilities" : [ {
"created" : "2023-06-12T10:14:05Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "f0b95a2d-bdf3-31e3-92f1-440049e2d181",
"name" : "6839565 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-12T10:14:05Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.",
"id" : "CVE-2022-21626"
}, {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.",
"id" : "CVE-2022-21624"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6839565",
"endVersion" : "8.0.7.19",
"fixPack" : "8.0.7.20",
"iFixes" : [ "PH50734" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "f0a4388b-cbb5-3e46-a267-f230db98c073"
}, {
"created" : "2023-06-12T10:14:05Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. These might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "144f36e5-5ca8-3529-8f9f-3f59aaa0efb7",
"name" : "6594523 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-12T10:14:05Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.",
"id" : "CVE-2022-21299"
}, {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.",
"id" : "CVE-2022-21496"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6594523",
"endVersion" : "8.0.7.9",
"fixPack" : "8.0.7.10",
"iFixes" : [ "PH46425" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "12959664-bdcc-396a-b0af-f15886b07354"
}, {
"created" : "2023-06-12T10:14:05Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "7bf87d29-2776-3d70-9923-ac9d8c81a156",
"name" : "6980375 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-12T10:14:05Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.",
"id" : "CVE-2022-21426"
}, {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.",
"id" : "CVE-2023-21830"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6980375",
"endVersion" : "8.0.7.99",
"fixPack" : "8.0.8.0",
"iFixes" : [ "PH53088" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "1775bdd2-6649-350f-9442-0fbd4abeb4f7"
}, {
"created" : "2023-06-12T10:14:06Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "e9f220f0-529e-32b7-8e3d-d1521b62cd7d",
"name" : "6616953 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-12T10:14:06Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.",
"id" : "CVE-2021-2163"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6616953",
"endVersion" : "8.0.7.14",
"fixPack" : "8.0.7.15",
"iFixes" : [ "PH48649" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "ce701624-9b78-3923-bc80-967995bab0da"
}, {
"created" : "2023-06-12T10:14:06Z",
"createdBy" : "server-registration-processor",
"description" : "There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether this vulnerability is applicable to your code. Refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information.",
"id" : "46f5a37a-9e98-344e-9abf-71216216006d",
"name" : "6986617 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-12T10:14:06Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 7.5,
"description" : "IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensitive information using a combination of flaws and configurations.",
"id" : "CVE-2023-30441"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6986617",
"endVersion" : "8.0.7.14",
"fixPack" : "8.0.7.15",
"iFixes" : [ "PH53088" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "eb0bc67a-81be-3497-a33c-ae909eef69da"
}, {
"created" : "2023-06-12T10:14:06Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "1c5424d3-25cf-3b04-bb5e-fa1a32f55165",
"name" : "7001677 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-12T10:14:06Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Networking component could allow a remote attacker to cause integrity impact.",
"id" : "CVE-2023-21937"
}, {
"cvssBaseScore" : 5.9,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow a remote attacker to cause high availability impact.",
"id" : "CVE-2023-21954"
}, {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Libraries component could allow a remote attacker to cause integrity impact.",
"id" : "CVE-2023-21938"
}, {
"cvssBaseScore" : 5.9,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause high confidentiality impact.",
"id" : "CVE-2023-21967"
}, {
"cvssBaseScore" : 7.4,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high confidentiality impact and high integrity impact.",
"id" : "CVE-2023-21930"
}, {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Oracle Java SE and GraalVM Enterprise Edition related to the Libraries component could allow an unauthenticated attacker to cause low integrity impact.",
"id" : "CVE-2023-21968"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/7001677",
"endVersion" : "8.0.8.4",
"fixPack" : "8.0.8.5",
"iFixes" : [ "PH54908" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "c0533ed3-cdf3-3305-a667-7757bdeaca62"
} ],
"version" : "21.0.0.12",
"edition" : "base",
"groups" : [ "NO_GROUP" ],
"installDirectory" : "/opt/ibm/wlp/",
"jdkId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"lastContact" : "2023-06-12T10:14:06Z",
"profileDirectory" : "/opt/ibm/wlp/usr/",
"serverName" : "test-server1",
"serverType" : "application-server",
"features" : [ "appSecurity-2.0", "appSecurity-3.0", "beanValidation-2.0", "cdi-2.0", "distributedMap-1.0", "ejbLite-3.2", "el-3.0", "jaspic-1.1", "jaxb-2.2", "jaxrs-2.1", "jaxrsClient-2.1", "jaxws-2.2", "jdbc-4.2", "jndi-1.0", "jpa-2.2", "jpaContainer-2.2", "jsf-2.3", "jsonb-1.0", "jsonp-1.1", "jsp-2.3", "managedBeans-1.0", "monitor-1.0", "servlet-4.0", "ssl-1.0", "transportSecurity-1.0", "usageMetering-1.0", "webProfile-8.0", "websocket-1.1" ]
}
}
Example asset updated event (WebSphere Application Server Liberty server)
{
"type" : "UPDATE",
"asset" : {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"id" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"name" : "test-server1@neoteric1.example.com",
"updated" : "2023-06-12T10:00:36Z",
"updatedBy" : "server-registration-processor",
"apars" : [ ],
"hostName" : "neoteric1.example.com",
"operatingSystem" : "Linux",
"operatingSystemVersion" : "3.10.0-1160.90.1.el7.x86_64",
"productName" : "WebSphere Application Server Liberty",
"type" : "liberty",
"unresolvedVulnerabilities" : [ {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "f0b95a2d-bdf3-31e3-92f1-440049e2d181",
"name" : "6839565 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.",
"id" : "CVE-2022-21626"
}, {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.",
"id" : "CVE-2022-21624"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6839565",
"endVersion" : "8.0.7.19",
"fixPack" : "8.0.7.20",
"iFixes" : [ "PH50734" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "f0a4388b-cbb5-3e46-a267-f230db98c073"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. These might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "144f36e5-5ca8-3529-8f9f-3f59aaa0efb7",
"name" : "6594523 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.",
"id" : "CVE-2022-21299"
}, {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.",
"id" : "CVE-2022-21496"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6594523",
"endVersion" : "8.0.7.9",
"fixPack" : "8.0.7.10",
"iFixes" : [ "PH46425" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "12959664-bdcc-396a-b0af-f15886b07354"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "7bf87d29-2776-3d70-9923-ac9d8c81a156",
"name" : "6980375 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.",
"id" : "CVE-2022-21426"
}, {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.",
"id" : "CVE-2023-21830"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6980375",
"endVersion" : "8.0.7.99",
"fixPack" : "8.0.8.0",
"iFixes" : [ "PH53088" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "1775bdd2-6649-350f-9442-0fbd4abeb4f7"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "e9f220f0-529e-32b7-8e3d-d1521b62cd7d",
"name" : "6616953 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.",
"id" : "CVE-2021-2163"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6616953",
"endVersion" : "8.0.7.14",
"fixPack" : "8.0.7.15",
"iFixes" : [ "PH48649" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "ce701624-9b78-3923-bc80-967995bab0da"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"description" : "There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether this vulnerability is applicable to your code. Refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information.",
"id" : "46f5a37a-9e98-344e-9abf-71216216006d",
"name" : "6986617 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 7.5,
"description" : "IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensitive information using a combination of flaws and configurations.",
"id" : "CVE-2023-30441"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6986617",
"endVersion" : "8.0.7.14",
"fixPack" : "8.0.7.15",
"iFixes" : [ "PH53088" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "eb0bc67a-81be-3497-a33c-ae909eef69da"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "vulnerability-manager",
"description" : "There is a vulnerability in the Apache Commons FileUpload library used by IBM WebSphere Application Server and used by IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the remediation section.",
"id" : "badcb19f-a493-3cf5-a748-36564daa94cf",
"name" : "6982047 : test-server1@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"cves" : [ {
"cvssBaseScore" : 7.5,
"description" : "Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.",
"id" : "CVE-2023-24998"
} ],
"remediations" : [ {
"endVersion" : "21.0.0.12",
"fixPack" : "23.0.0.4",
"iFixes" : [ "PH50863" ],
"operator" : "OR",
"startVersion" : "21.0.0.1"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "7e38c015-dd84-351a-8084-47eeda5fc3e4"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "vulnerability-manager",
"description" : "IBM WebSphere Application Server Liberty is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed.",
"id" : "2ea22f93-f1be-395e-93bc-5014e4740aeb",
"name" : "6586734 : test-server1@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"cves" : [ {
"cvssBaseScore" : 7.1,
"description" : "IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.",
"id" : "CVE-2022-22475"
} ],
"remediations" : [ {
"endVersion" : "21.0.0.12",
"fixPack" : "22.0.0.6",
"iFixes" : [ "PH46072" ],
"operator" : "OR",
"startVersion" : "21.0.0.1"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "0016b40b-88af-36e0-a1b6-2c0c44e4fa6d"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "vulnerability-manager",
"description" : "IBM WebSphere Application Server Liberty is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed.",
"id" : "16cd2e27-494a-3380-bfd3-9271f1e38a74",
"name" : "6602015 : test-server1@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"cves" : [ {
"cvssBaseScore" : 5.0,
"description" : "IBM WebSphere Application Server Liberty and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request.",
"id" : "CVE-2022-22476"
} ],
"remediations" : [ {
"endVersion" : "21.0.0.12",
"fixPack" : "22.0.0.8",
"iFixes" : [ "PH48187" ],
"operator" : "OR",
"startVersion" : "21.0.0.1"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "4ba87075-0bb8-3f36-8170-70a7c0894522"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "vulnerability-manager",
"description" : "IBM WebSphere Application Server is vulnerable to HTTP header injection when processing web requests. This has been addressed.",
"id" : "3117d91c-d8b2-33cf-9c51-41c85f394612",
"name" : "6618747 : test-server1@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"cves" : [ {
"cvssBaseScore" : 5.4,
"description" : "IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting.",
"id" : "CVE-2022-34165"
} ],
"remediations" : [ {
"endVersion" : "21.0.0.12",
"fixPack" : "22.0.0.10",
"iFixes" : [ "PH46816" ],
"operator" : "OR",
"startVersion" : "21.0.0.1"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "1c5264cc-d6d0-3d3a-8c17-a655998215af"
}, {
"created" : "2023-06-09T15:48:51Z",
"createdBy" : "vulnerability-manager",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "1c5424d3-25cf-3b04-bb5e-fa1a32f55165",
"name" : "7001677 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-09T15:48:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Networking component could allow a remote attacker to cause integrity impact.",
"id" : "CVE-2023-21937"
}, {
"cvssBaseScore" : 5.9,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow a remote attacker to cause high availability impact.",
"id" : "CVE-2023-21954"
}, {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Libraries component could allow a remote attacker to cause integrity impact.",
"id" : "CVE-2023-21938"
}, {
"cvssBaseScore" : 5.9,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause high confidentiality impact.",
"id" : "CVE-2023-21967"
}, {
"cvssBaseScore" : 7.4,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high confidentiality impact and high integrity impact.",
"id" : "CVE-2023-21930"
}, {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Oracle Java SE and GraalVM Enterprise Edition related to the Libraries component could allow an unauthenticated attacker to cause low integrity impact.",
"id" : "CVE-2023-21968"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/7001677",
"endVersion" : "8.0.8.4",
"fixPack" : "8.0.8.5",
"iFixes" : [ "PH54908" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "c0533ed3-cdf3-3305-a667-7757bdeaca62"
} ],
"version" : "21.0.0.12",
"edition" : "base",
"groups" : [ "NO_GROUP" ],
"installDirectory" : "/opt/ibm/wlp/",
"jdkId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"lastContact" : "2023-06-12T10:00:35Z",
"profileDirectory" : "/opt/ibm/wlp/usr/",
"serverName" : "test-server1",
"serverType" : "application-server",
"features" : [ "appSecurity-2.0", "appSecurity-3.0", "beanValidation-2.0", "cdi-2.0", "distributedMap-1.0", "ejbLite-3.2", "el-3.0", "jaspic-1.1", "jaxrs-2.1", "jaxrsClient-2.1", "jdbc-4.2", "jndi-1.0", "jpa-2.2", "jpaContainer-2.2", "jsf-2.3", "jsonb-1.0", "jsonp-1.1", "jsp-2.3", "managedBeans-1.0", "monitor-1.0", "servlet-4.0", "ssl-1.0", "transportSecurity-1.0", "usageMetering-1.0", "webProfile-8.0", "websocket-1.1" ]
},
"originalVersion" : {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"id" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"name" : "test-server1@neoteric1.example.com",
"updated" : "2023-06-12T09:56:56Z",
"updatedBy" : "server-registration-processor",
"apars" : [ ],
"hostName" : "neoteric1.example.com",
"operatingSystem" : "Linux",
"operatingSystemVersion" : "3.10.0-1160.90.1.el7.x86_64",
"productName" : "WebSphere Application Server Liberty",
"type" : "liberty",
"unresolvedVulnerabilities" : [ {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "f0b95a2d-bdf3-31e3-92f1-440049e2d181",
"name" : "6839565 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.",
"id" : "CVE-2022-21626"
}, {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.",
"id" : "CVE-2022-21624"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6839565",
"endVersion" : "8.0.7.19",
"fixPack" : "8.0.7.20",
"iFixes" : [ "PH50734" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "f0a4388b-cbb5-3e46-a267-f230db98c073"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. These might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "144f36e5-5ca8-3529-8f9f-3f59aaa0efb7",
"name" : "6594523 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.",
"id" : "CVE-2022-21299"
}, {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.",
"id" : "CVE-2022-21496"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6594523",
"endVersion" : "8.0.7.9",
"fixPack" : "8.0.7.10",
"iFixes" : [ "PH46425" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "12959664-bdcc-396a-b0af-f15886b07354"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "7bf87d29-2776-3d70-9923-ac9d8c81a156",
"name" : "6980375 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.",
"id" : "CVE-2022-21426"
}, {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.",
"id" : "CVE-2023-21830"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6980375",
"endVersion" : "8.0.7.99",
"fixPack" : "8.0.8.0",
"iFixes" : [ "PH53088" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "1775bdd2-6649-350f-9442-0fbd4abeb4f7"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "e9f220f0-529e-32b7-8e3d-d1521b62cd7d",
"name" : "6616953 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 5.3,
"description" : "An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.",
"id" : "CVE-2021-2163"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6616953",
"endVersion" : "8.0.7.14",
"fixPack" : "8.0.7.15",
"iFixes" : [ "PH48649" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "ce701624-9b78-3923-bc80-967995bab0da"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "server-registration-processor",
"description" : "There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether this vulnerability is applicable to your code. Refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information.",
"id" : "46f5a37a-9e98-344e-9abf-71216216006d",
"name" : "6986617 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "server-registration-processor",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 7.5,
"description" : "IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensitive information using a combination of flaws and configurations.",
"id" : "CVE-2023-30441"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/6986617",
"endVersion" : "8.0.7.14",
"fixPack" : "8.0.7.15",
"iFixes" : [ "PH53088" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "eb0bc67a-81be-3497-a33c-ae909eef69da"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "vulnerability-manager",
"description" : "There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2 feature enabled. This has been addressed.",
"id" : "6f034f97-22e2-3b9e-8acd-7ab267d8da22",
"name" : "6953767 : test-server1@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"cves" : [ {
"cvssBaseScore" : 9.8,
"description" : "Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially-crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack.",
"id" : "CVE-2022-46364"
} ],
"remediations" : [ {
"endVersion" : "21.0.0.12",
"fixPack" : "23.0.0.2",
"iFixes" : [ "PH52095" ],
"operator" : "OR",
"startVersion" : "21.0.0.1"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "59bbdab3-bd2f-3c96-b1a6-64657859d9ec"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "vulnerability-manager",
"description" : "There is a vulnerability in the Apache Commons FileUpload library used by IBM WebSphere Application Server and used by IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the remediation section.",
"id" : "badcb19f-a493-3cf5-a748-36564daa94cf",
"name" : "6982047 : test-server1@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"cves" : [ {
"cvssBaseScore" : 7.5,
"description" : "Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By sending a specially-crafted request with a series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.",
"id" : "CVE-2023-24998"
} ],
"remediations" : [ {
"endVersion" : "21.0.0.12",
"fixPack" : "23.0.0.4",
"iFixes" : [ "PH50863" ],
"operator" : "OR",
"startVersion" : "21.0.0.1"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "7e38c015-dd84-351a-8084-47eeda5fc3e4"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "vulnerability-manager",
"description" : "IBM WebSphere Application Server Liberty is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed.",
"id" : "2ea22f93-f1be-395e-93bc-5014e4740aeb",
"name" : "6586734 : test-server1@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"cves" : [ {
"cvssBaseScore" : 7.1,
"description" : "IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.",
"id" : "CVE-2022-22475"
} ],
"remediations" : [ {
"endVersion" : "21.0.0.12",
"fixPack" : "22.0.0.6",
"iFixes" : [ "PH46072" ],
"operator" : "OR",
"startVersion" : "21.0.0.1"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "0016b40b-88af-36e0-a1b6-2c0c44e4fa6d"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "vulnerability-manager",
"description" : "IBM WebSphere Application Server Liberty is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed.",
"id" : "16cd2e27-494a-3380-bfd3-9271f1e38a74",
"name" : "6602015 : test-server1@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"cves" : [ {
"cvssBaseScore" : 5.0,
"description" : "IBM WebSphere Application Server Liberty and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request.",
"id" : "CVE-2022-22476"
} ],
"remediations" : [ {
"endVersion" : "21.0.0.12",
"fixPack" : "22.0.0.8",
"iFixes" : [ "PH48187" ],
"operator" : "OR",
"startVersion" : "21.0.0.1"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "4ba87075-0bb8-3f36-8170-70a7c0894522"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "vulnerability-manager",
"description" : "IBM WebSphere Application Server is vulnerable to HTTP header injection when processing web requests. This has been addressed.",
"id" : "3117d91c-d8b2-33cf-9c51-41c85f394612",
"name" : "6618747 : test-server1@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"cves" : [ {
"cvssBaseScore" : 5.4,
"description" : "IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting.",
"id" : "CVE-2022-34165"
} ],
"remediations" : [ {
"endVersion" : "21.0.0.12",
"fixPack" : "22.0.0.10",
"iFixes" : [ "PH46816" ],
"operator" : "OR",
"startVersion" : "21.0.0.1"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "1c5264cc-d6d0-3d3a-8c17-a655998215af"
}, {
"created" : "2023-06-05T16:25:51Z",
"createdBy" : "vulnerability-manager",
"description" : "IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure. This has been addressed.",
"id" : "1bb133e1-140e-38c5-a082-c8838b02b7f5",
"name" : "6541530 : test-server1@neoteric1.example.com",
"updated" : "2023-06-05T16:25:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "6879e6e1-7701-325f-9e4d-f55a7387480e",
"cves" : [ {
"cvssBaseScore" : 4.8,
"description" : "IBM WebSphere Application Server Liberty could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications.",
"id" : "CVE-2022-22310"
} ],
"remediations" : [ {
"endVersion" : "21.0.0.12",
"fixPack" : "22.0.0.1",
"iFixes" : [ "PH42074" ],
"operator" : "OR",
"startVersion" : "21.0.0.10"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "ffbeb225-a605-335d-9dce-581a14b32193"
}, {
"created" : "2023-06-09T15:48:51Z",
"createdBy" : "vulnerability-manager",
"description" : "There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"id" : "1c5424d3-25cf-3b04-bb5e-fa1a32f55165",
"name" : "7001677 : IBM J9 VM@neoteric1.example.com",
"updated" : "2023-06-09T15:48:51Z",
"updatedBy" : "vulnerability-manager",
"assetId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"cves" : [ {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Networking component could allow a remote attacker to cause integrity impact.",
"id" : "CVE-2023-21937"
}, {
"cvssBaseScore" : 5.9,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow a remote attacker to cause high availability impact.",
"id" : "CVE-2023-21954"
}, {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Libraries component could allow a remote attacker to cause integrity impact.",
"id" : "CVE-2023-21938"
}, {
"cvssBaseScore" : 5.9,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause high confidentiality impact.",
"id" : "CVE-2023-21967"
}, {
"cvssBaseScore" : 7.4,
"description" : "An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high confidentiality impact and high integrity impact.",
"id" : "CVE-2023-21930"
}, {
"cvssBaseScore" : 3.7,
"description" : "An unspecified vulnerability in Oracle Java SE and GraalVM Enterprise Edition related to the Libraries component could allow an unauthenticated attacker to cause low integrity impact.",
"id" : "CVE-2023-21968"
} ],
"remediations" : [ {
"additionalInstallationInstructions" : "https://www.ibm.com/support/pages/node/7001677",
"endVersion" : "8.0.8.4",
"fixPack" : "8.0.8.5",
"iFixes" : [ "PH54908" ],
"operator" : "OR",
"startVersion" : "8.0.0.0"
} ],
"resolved" : false,
"secondsExposed" : 0,
"securityBulletinId" : "c0533ed3-cdf3-3305-a667-7757bdeaca62"
} ],
"version" : "21.0.0.12",
"edition" : "base",
"groups" : [ "NO_GROUP" ],
"installDirectory" : "/opt/ibm/wlp/",
"jdkId" : "e506a09b-bc6a-3a08-89fe-6b6680bbb4b1",
"lastContact" : "2023-06-12T09:56:53Z",
"profileDirectory" : "/opt/ibm/wlp/usr/",
"serverName" : "test-server1",
"serverType" : "application-server",
"features" : [ "appSecurity-2.0", "appSecurity-3.0", "beanValidation-2.0", "cdi-2.0", "distributedMap-1.0", "ejbLite-3.2", "el-3.0", "jaspic-1.1", "jaxb-2.2", "jaxrs-2.1", "jaxrsClient-2.1", "jaxws-2.2", "jdbc-4.2", "jndi-1.0", "jpa-2.2", "jpaContainer-2.2", "jsf-2.3", "jsonb-1.0", "jsonp-1.1", "jsp-2.3", "managedBeans-1.0", "monitor-1.0", "servlet-4.0", "ssl-1.0", "transportSecurity-1.0", "usageMetering-1.0", "webProfile-8.0", "websocket-1.1" ]
}
}
Example asset deleted event (WebSphere Application Server Liberty server)
{
"type": "DELETE",
"asset": {
"id": "ecf6945a-5da0-3f4c-818d-fc21403f3f1f",
"name": "defaultServer@wsademo",
"type": "liberty",
"edition": "ilan",
"serverType": "application-server",
"productName": "WebSphere Application Server Liberty ILAN",
"version": "23.0.0.4",
"features": [
"beanValidation-2.0",
"el-3.0",
"jsp-2.3",
"servlet-4.0",
"ssl-1.0",
"transportSecurity-1.0",
"usageMetering-1.0"
],
"apars": [],
"hostName": "wsademo",
"serverName": "defaultServer",
"installDirectory": "/opt/ibm/wlp/",
"profileDirectory": "/opt/ibm/wlp/usr/",
"operatingSystem": "Linux",
"operatingSystemVersion": "4.18.0-372.52.1.el8_6.x86_64",
"jdkId": "276e7a8c-11d6-302f-868f-fc1539db9e57",
"unresolvedVulnerabilities": [],
"groups": [
"NO_GROUP"
],
"created": "2023-06-05T15:51:54Z",
"createdBy": "server-registration-processor",
"updated": "2023-06-05T15:54:05Z",
"updatedBy": "server-registration-processor"
}
}