Multiple Vulnerabilities in IBM WebSphere Application Server
Indian Computer Emergency Response Team (CERT-In, cert-in.org.in)
Severity Rating: MEDIUM
Software Affected
IBM WebSphere Application Server version 9.0
IBM WebSphere Application Server version 8.5
IBM WebSphere Application Server Liberty (continuous delivery)
Overview
Multiple vulnerabilities have been reported in IBM WebSphere Application
Server and IBM WebSphere Application Server Liberty which could be exploited
by an unauthenticated remote attacker to manipulate data or cause a denial of
service (DoS) condition on the targeted system.
Description
1. Data Manipulation Vulnerability (CVE-2022-21624)
This vulnerability exists in the JNDI component of Java SE and Oracle GraalVM
Enterprise Edition due to improper input validation. An unauthenticated remote
attacker could exploit this vulnerability to manipulate data on the targeted
system.
2. Denial of Service Vulnerability (CVE-2022-21626)
This vulnerability exists in the Security component of Java SE and Oracle
GraalVM Enterprise Edition due to improper input validation. An unauthenticated
remote attacker could exploit this vulnerability to cause a denial of service
(DoS) condition on the targeted system.
Solution
Apply the appropriate patches as mentioned in the IBM Security Bulletin.
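Both CVEs are Java SE defects, so the fix reaches WebSphere through the Java SDK it runs on, and the practical check is to find out which SDK level each installation actually executes. The script below is an added example, not part of the CERT-In advisory or any IBM tooling. It assumes the usual Linux install path for WAS_HOME, that the bundled SDK lives under $WAS_HOME/java/8.0 (WAS 9.0), $WAS_HOME/java or $WAS_HOME/java_1.8_64 (WAS 8.5), and that Liberty uses the JDK named by JAVA_HOME; all of these are assumptions to adjust. The required level (REQUIRED_JAVA) must be taken from the IBM bulletin for your release; the script hard-codes no fix level, and the sample `java -version` output embedded at the end is constructed for illustration.

```shell
#!/bin/sh
# Added example (not CERT-In's or IBM's code): report the Java SDK level a
# WebSphere installation runs and compare it with the minimum level the IBM
# Security Bulletin requires. Paths below are assumptions; REQUIRED_JAVA must
# be supplied from the bulletin and is not hard-coded here.

# Pull the quoted version out of `java -version` output, e.g. 1.8.0_341 or
# 11.0.16.1. Matches both "java version" and "openjdk version" first lines.
java_version_string() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Keep only the leading digits of a version component ("341-b10" -> 341, "" -> 0).
digits_only() {
    d=$(printf '%s' "$1" | sed 's/^\([0-9]*\).*/\1/')
    printf '%s' "${d:-0}"
}

# Map a version to one sortable integer: major*1000000 + minor*1000 + update.
# Legacy "1.8.0_341" is major 8, update 341; new-style "11.0.16.1" is 11, 0, 16.
java_version_key() {
    v="$1"
    case "$v" in
        1.*)
            major=$(printf '%s' "$v" | cut -s -d. -f2)
            minor=0
            update=$(printf '%s' "$v" | sed -n 's/.*_\([0-9]*\).*/\1/p')
            ;;
        *)
            major=$(printf '%s' "$v" | cut -d. -f1)
            minor=$(printf '%s' "$v" | cut -s -d. -f2)
            update=$(printf '%s' "$v" | cut -s -d. -f3)
            ;;
    esac
    major=$(digits_only "$major")
    minor=$(digits_only "$minor")
    update=$(digits_only "$update")
    echo $((major * 1000000 + minor * 1000 + update))
}

# Exit status 0 when the installed version ($1) is at least the required one ($2).
java_at_least() {
    [ "$(java_version_key "$1")" -ge "$(java_version_key "$2")" ]
}

# Given raw `java -version` output, print "<version> PASS|FAIL|UNKNOWN" against
# $REQUIRED_JAVA (UNKNOWN when the output is unparsable or no level was given).
classify_output() {
    found=$(java_version_string "$1")
    if [ -z "$found" ]; then
        echo "unparsed UNKNOWN"
    elif [ -z "$REQUIRED_JAVA" ]; then
        echo "$found UNKNOWN"
    elif java_at_least "$found" "$REQUIRED_JAVA"; then
        echo "$found PASS"
    else
        echo "$found FAIL"
    fi
}

# Take the minimum level from the IBM bulletin, e.g. REQUIRED_JAVA=<level> ./check.sh
REQUIRED_JAVA="${REQUIRED_JAVA:-}"
WAS_HOME="${WAS_HOME:-/opt/IBM/WebSphere/AppServer}"   # assumed default install path

# Candidate JDKs (assumed locations). `java -version` writes to stderr, hence 2>&1.
for java_bin in "$WAS_HOME/java/8.0/bin/java" "$WAS_HOME/java/bin/java" \
                "$WAS_HOME/java_1.8_64/bin/java" "${JAVA_HOME:+$JAVA_HOME/bin/java}"; do
    [ -n "$java_bin" ] && [ -x "$java_bin" ] || continue
    out=$("$java_bin" -version 2>&1)
    echo "$java_bin: $(classify_output "$out")"
done

# Constructed sample of the first lines an IBM SDK 8 prints; the numbers are
# illustrative only and say nothing about which level is patched.
SAMPLE_OUTPUT='java version "1.8.0_341"
IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References)'
```

Run it on each WebSphere host as the user that owns the install; a FAIL line means that SDK is below the level you set, an UNKNOWN line means the version could not be read or no level was given. Remember that a Liberty server can point at a different JDK through server.env than the one JAVA_HOME names, so check the JDK each server actually starts with.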
Vendor Information
IBM
References
IBM
CVE Name
CVE-2022-21624
CVE-2022-21626
About Cert Advisory
We have created this blog to provide the latest security advisories from CERT-In on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.