IBM Alert
Warning Date: 14 September, 2022
Severity Level: High
Warning Number: 2022-5237
Target Sector: All
IBM has released security updates to address multiple vulnerabilities in the following products:
- IBM WebSphere Application Server Liberty
- IBM App Connect Enterprise and IBM Integration Bus
- IBM SPSS Statistics
- IBM WIoTP MessageGateway
- AIX
- IBM WebSphere Application Server Liberty for IBM i
An attacker could exploit these vulnerabilities to achieve the following:
- Escalation of privilege
- Spoofing attacks
- Bypass of a protection mechanism
- Sensitive information disclosure
- Arbitrary code execution
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-an-identity-spoofing-vulnerability-in-ibm-websphere-application-server-liberty-affects-cics-transaction-gateway/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-due-to-openssl-and-node-js-which-affect-ibm-app-connect-enterprise-and-ibm-integration-bus-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-dom4j-vulnerability-affects-ibm-spss-statistics-cve-2018-1000632/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-and-websphere-liberty-affect-ibm-wiotp-messagegateway-cve-2022-22476-cve-2019-11777-cve-2022-22475-cve-2022-2097-cve-2022-2068-cve-2022-1292/
- https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-privilege-escalation-vulnerability-due-to-invscout-cve-2022-36768/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-for-ibm-i-is-vulnerable-to-identity-spoofing-with-authenticated-user-and-ability-to-bypass-security-restrictions-due-to-eclipse-paho-java-cl/