IBM Support

PH47867: IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476 CVSS 5.0)

Download


Abstract

IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476 CVSS 5.0)

Download Description


This interim fix is superseded by a later interim fix
This fix is superseded by the fix for APAR PH48187. Download and install the fix for PH48187 to resolve PH47867.
You can also use the Fix Central link later on this page to get a list of all the fixes that include PH47867. 

PH47867 resolves the following problem:

ERROR DESCRIPTION:
IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476 CVSS 5.0)

PROBLEM SUMMARY:
IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476 CVSS 5.0)

PROBLEM CONCLUSION:
Confidential for CVE-2022-22476.

The fix for this APAR is currently targeted for inclusion in Liberty 22.0.0.8.

For more information, see 'Recommended Updates for WebSphere Application Server': http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

This fix supersedes (includes) the fixes for PH46072 and the original APAR for this CVE, PH46073.

Prerequisites

None

Download Package

Important note: WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download fixes from Fix Central.  For information about Fix Central, see What is Fix Central (FC)?.
 Perform the following steps to locate and download interim fixes for your application server:
  1. Click the following link to get to the list of Liberty interim fix download packages that include APAR PH47867 on Fix Central:
  2. Locate the download package that applies to your fix pack
    • Tips:
      •  If an interim fix appears in the list with a later APAR number, it means that the new fix includes PH47867.  The new fix should be installed instead.
        • Two reasons that more than one APAR fix might be retrieved are: 1) a later CVE was discovered in the same area of code, and 2) the original APAR has a defect.
      • Entering text in the Filter fix details box will dynamically narrow the fix list by matching your text to the details of each fix.  You can use this feature to pick out the fix for your fix pack by entering your fix pack number in the Filter fix details box.  For example, 22.0.0.6 or 22003.
      • If you hover over the link for an interim fix, you will be presented with additional details about the fix, including the applicable fix packs in the Applies to versions field.
  3. Click the interim fix package that you want to download
    • Download the ReadMe.txt file for installation instructions.
    • Download the interim fix (the zip or jar file).

Problems Solved

PH47867

Change History

7/08/22: Removed links to fixes for PH46073
7/09/22: Changed the APAR from PH46073 to PH47867
7/11/22: Added links to fixes for PH47867
7/26/22: Added information about replacement APAR PH48187.  Replaced direct fix links with a fix central query.

Technical Support

Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

Document Information

Modified date:
26 July 2022

UID

ibm16601887