mickmick.net

IBM WebSphere Application Server Multiple Vulnerabilities

Release Date: 12 Apr 2022

RISK: Medium Risk

TYPE: Servers - Internet App Servers

Multiple vulnerabilities were identified in IBM WebSphere Application Server. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and denial of service condition on the targeted system.

---

Impact

• Remote Code Execution
• Denial of Service

---

System / Technologies affected

• IBM Security Access Manager for Enterprise Single Sign-On 8.2.0
• IBM Security Access Manager for Enterprise Single Sign-On 8.2.1
• IBM Security Access Manager for Enterprise Single Sign-On 8.2.2

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Apply fixes issued by the vendor:
  https://www.ibm.com/support/pages/node/6570861

---

Vulnerability Identifier

• CVE-1999-0001
• CVE-1999-0002
• CVE-2021-45960
• CVE-2021-46143
• CVE-2022-22822
• CVE-2022-22823
• CVE-2022-22824
• CVE-2022-22825
• CVE-2022-22826
• CVE-2022-22827
• CVE-2022-23852
• CVE-2022-23990
• CVE-2022-25235
• CVE-2022-25236
• CVE-2022-25313
• CVE-2022-25315

---

Source

• IBM
• AusCERT

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.1542
• https://www.ibm.com/support/pages/node/6570861