Download
Downloadable File
| File link | File size | File description |
|---|---|---|
Abstract
IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031 CVSS 5.4, CVE-2021-46708 CVSS 4.3)
Download Description
PH44762 resolves the following problem:
ERROR DESCRIPTION:
IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031 CVSS 5.4, CVE-2021-46708 CVSS 4.3)
LOCAL FIX:
PROBLEM SUMMARY:
IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031 CVSS 5.4, CVE-2021-46708 CVSS 4.3)
PROBLEM CONCLUSION:
Confidential for CVE-2018-25031 CVSS 5.4, CVE-2021-46708 4.3
The fix for this APAR is targeted for inclusion in fix packs Liberty 22.0.0.2.
For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
ERROR DESCRIPTION:
IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031 CVSS 5.4, CVE-2021-46708 CVSS 4.3)
LOCAL FIX:
PROBLEM SUMMARY:
IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031 CVSS 5.4, CVE-2021-46708 CVSS 4.3)
PROBLEM CONCLUSION:
Confidential for CVE-2018-25031 CVSS 5.4, CVE-2021-46708 4.3
The fix for this APAR is targeted for inclusion in fix packs Liberty 22.0.0.2.
For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
None
Installation Instructions
Review the readme.txt for detailed installation instructions.
| URL | SIZE (Bytes) |
|---|---|
| 22.0.0.1 IM readme file | 2281 |
| 21.0.0.12 IM readme file | 2304 |
| 22.0.0.1 Archive readme file | 2908 |
| 21.0.0.12 Archive readme file | 3345 |
Download Package
Important note: WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes in this table.
| DOWNLOAD | RELEASE DATE | SIZE (BYTES) |
URL
|
|---|---|---|---|
| 21.0.0.12-WS-WLP-IFPH44762 | 05 April 2022 | 6528420 | FC |
| 22.0.0.1-WS-WLP-IFPH44762 | 05 April 2022 | 3554835 | FC |
| 210012-wlp-archive-IFPH44762 | 05 April 2022 | 6466936 | FC |
| 22001-wlp-archive-IFPH44762 | 05 April 2022 | 3493486 | FC |
Note: FC stands for Fix Central. Review the What is Fix Central (FC)? FAQs for more details.
Problems Solved
PH44762
On
Technical Support
Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m0z0000001j54AAA","label":"WebSphere Application Server traditional-All Platforms-\u003EDownload Documents - L3 Publishing Category"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"21.0.0;22.0.0"}]
Problems (APARS) fixed
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
05 April 2022
UID
ibm16568393