Download
Downloadable File
| File link | File size | File description |
|---|---|---|
Abstract
IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365 CVSS 5.6)
Download Description
PH44339 resolves the following problem:
ERROR DESCRIPTION:
IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365 CVSS 5.6)
PROBLEM SUMMARY:
IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365 CVSS 5.6)
PROBLEM CONCLUSION:
Confidential for CVE-2022-22365 CVSS 5.6.
The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.23 and 9.0.5.13.
For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
None
Installation Instructions
Review the readme.txt for detailed installation instructions.
| URL | SIZE(Bytes) |
|---|---|
| V90 readme | 2192 |
| V85 readme | 2384 |
| V80 readme | 5149 |
| V70 readme | 5149 |
Download Package
|
IMPORTANT NOTE:
|
WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes in this table.
|
| DOWNLOAD | RELEASE DATE | SIZE(Bytes) | Fix Packs |
URL |
|---|---|---|---|---|
| 9.0.5.12-WS-WAS-IFPH44339 | 07 June 2022 | 1425416 | 9.0.5.12 | FC |
| 9.0.5.10-WS-WAS-IFPH44339 | 18 May 2022 | 1426691 | 9.0.5.10, 9.0.5.11 | FC |
| 8.5.5.20-WS-WAS-IFPH44339 | 18 May 2022 | 1426936 | 8.5.5.20, 8.5.5.21 | FC |
| Note: The following fixes are only applicable to installations that have the optional "Web 2.0 Feature Pack" extension. See note below for further info. | ||||
| 1.1.0.4-WS-WASWeb20-MultiOS-IFPH44339 | 18 May 2022 | 1420203 | 8.0.0.15 | FC |
| 1.1.0.4-WS-WASWeb20-MultiOS-IFPH44339 | 18 May 2022 | 1233044 | 7.0.0.45 | FC |
For users of WebSphere Application Server 7.0 and 8.0 only
PH44339 only affects installations with the optional "Web 2.0 Feature Pack" extension installed.
To determine if the "Web 2.0 Feature Pack" is installed, run bin/versionInfo from the WebSphere installation root. If the output does not contain a product named "Web 2.0 and Mobile Feature Pack", PH44339 is not applicable to the installation and no interim fix is required.
Problems Solved
PH44339
On
Technical Support
Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m0z000000bmldAAA","label":"WebSphere Application Server traditional-All Platforms-\u003ESecurity-\u003EVulnerabilities"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"7.0.0;8.0.0;8.5.0;8.5.5;9.0.0;9.0.5"}]
Problems (APARS) fixed
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
07 June 2022
UID
ibm16587553