Authors: Created by IBM


IBM WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability.This has been addressed. CVEID:  CVE-2023-23477[1]
DESCRIPTION:  IBM WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
CVSS Base score:8.1
CVSS Temporal Score:See:https://exchange.xforce.ibmcloud.com/vulnerabilities/245513[2]...

Just published by IBM: Read more

Authors: Created by IBM


There is a vulnerability in the Apache James MIME4J library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 is enabled.This has been addressed. CVEID:  CVE-2022-45787[1]
DESCRIPTION:  Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files.By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive...

Just published by IBM: Read more

Authors: Created by IBM


There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2 feature enabled.This has been addressed. CVEID:  CVE-2022-46364[1]
DESCRIPTION:  Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests.By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack.
...

Just published by IBM: Read more

Weitere Beiträge ...

  1. WebSphere Application Server Liberty 23.0.0.1
  2. Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2022 CPU
  3. Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2022 CPU
  4. 9.0.0.8-WS-WASProd-IFPH01114

Seite 22 von 51