WID-SEC-W-2022-0617
Vulnerability from csaf_certbund - Published: 2022-07-07 22:00 - Updated: 2025-05-01 22:00
Summary
IBM WebSphere Application Server: Multiple vulnerabilities
Severity
Medium
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: IBM WebSphere Application Server is a J2EE application server.
Attack: A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in IBM WebSphere Application Server to bypass security measures and misrepresent information.
Affected operating systems:
- Linux
- MacOS X
- Other
- Windows
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM WebSphere Application Server ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Informationen falsch darzustellen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0617 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0617.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0617 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0617"
},
{
"category": "external",
"summary": "IBM vom 2022-07-07",
"url": "https://www.ibm.com/support/pages/node/6602015"
},
{
"category": "external",
"summary": "IBM vom 2022-07-07",
"url": "https://www.ibm.com/support/pages/node/6602039"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6618333 vom 2022-09-07",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-identity-spoofing-cve-2022-22476-4/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6619843 vom 2022-09-13",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-for-ibm-i-is-vulnerable-to-identity-spoofing-with-authenticated-user-and-ability-to-bypass-security-restrictions-due-to-eclipse-paho-java-cl/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6823727 vom 2022-09-29",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-and-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-i/"
},
{
"category": "external",
"summary": "HCL Article KB0100878 vom 2022-10-06",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100878"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6830587 vom 2022-10-21",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-containerd-gnupg2-runc-and-ibm-websphere-application-server-liberty/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6832104 vom 2022-11-02",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-an-identity-spoofing-issue-in-ibm-websphere-application-server-liberty-cve-2022-22476/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6844721 vom 2022-12-15",
"url": "https://www.ibm.com/support/pages/node/6844721"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6953617 vom 2023-02-07",
"url": "https://www.ibm.com/support/pages/node/6953617"
},
{
"category": "external",
"summary": "HCL Article KB0104915 vom 2023-06-05",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104915"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6957144 vom 2023-10-16",
"url": "https://www.ibm.com/support/pages/node/6957144"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7232272 vom 2025-05-01",
"url": "https://www.ibm.com/support/pages/node/7232272"
}
],
"source_lang": "en-US",
"title": "IBM WebSphere Application Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-01T22:00:00.000+00:00",
"generator": {
"date": "2025-05-02T08:13:16.176+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-0617",
"initial_release_date": "2022-07-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-07-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-09-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-09-12T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-09-28T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-10-06T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2022-10-20T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-11-01T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-12-15T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-07T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-05T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2023-10-15T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-01T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T017494",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.0.1.20",
"product": {
"name": "HCL Commerce \u003c9.0.1.20",
"product_id": "T027957"
}
},
{
"category": "product_version",
"name": "9.0.1.20",
"product": {
"name": "HCL Commerce 9.0.1.20",
"product_id": "T027957-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:9.0.1.20"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.12",
"product": {
"name": "HCL Commerce \u003c9.1.12",
"product_id": "T027958"
}
},
{
"category": "product_version",
"name": "9.1.12",
"product": {
"name": "HCL Commerce 9.1.12",
"product_id": "T027958-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:9.1.12"
}
}
}
],
"category": "product_name",
"name": "Commerce"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
},
{
"category": "product_version",
"name": "Operator",
"product": {
"name": "IBM MQ Operator",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"branches": [
{
"category": "product_version",
"name": "10.0.x",
"product": {
"name": "IBM Security Verify Access 10.0.x",
"product_id": "T026175",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:10.0.x"
}
}
}
],
"category": "product_name",
"name": "Security Verify Access"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Spectrum Protect",
"product": {
"name": "IBM Spectrum Protect",
"product_id": "T013661",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:-"
}
}
},
{
"category": "product_version_range",
"name": "Plus \u003c10.1.13",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.13",
"product_id": "T030521"
}
},
{
"category": "product_version",
"name": "Plus 10.1.13",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.13",
"product_id": "T030521-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:plus__10.1.13"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
},
{
"category": "product_name",
"name": "IBM Spectrum Scale",
"product": {
"name": "IBM Spectrum Scale",
"product_id": "T019402",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Liberty \u003c22.0.0.8",
"product": {
"name": "IBM WebSphere Application Server Liberty \u003c22.0.0.8",
"product_id": "T023774"
}
},
{
"category": "product_version",
"name": "Liberty 22.0.0.8",
"product": {
"name": "IBM WebSphere Application Server Liberty 22.0.0.8",
"product_id": "T023774-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:liberty__22.0.0.8"
}
}
}
],
"category": "product_name",
"name": "WebSphere Application Server"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11777",
"product_status": {
"known_affected": [
"T026175",
"T030521",
"T019402",
"T027957",
"T027958",
"T036688",
"T023774",
"T021398",
"T013661",
"T017494"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2019-11777"
},
{
"cve": "CVE-2022-22476",
"product_status": {
"known_affected": [
"T026175",
"T030521",
"T019402",
"T027957",
"T027958",
"T036688",
"T023774",
"T021398",
"T013661",
"T017494"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-22476"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.