IBM Support

PH46332: IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477 CVSS 6.1)


Abstract

IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477 CVSS 6.1)

Download Description


This interim fix is superseded by a later interim fix
This fix is superseded by the fix for APAR PH46332. You must download and install the fix for PH50116 to get a complete solution for CVE-2022-22477.
You can also use the Fix Central link later on this page to get a list of all the fixes that include PH46332. 

PH46332 resolves the following problem:

ERROR DESCRIPTION:
IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477 CVSS 6.1)

PROBLEM SUMMARY:
IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477 CVSS 6.1)

PROBLEM CONCLUSION:
Confidential for CVE-2022-22477.

The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.22 and 9.0.5.13.

For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
 

Prerequisites

None

Download Package

Important note: WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download fixes from Fix Central. For information about Fix Central, see "What is Fix Central (FC)?".

Perform the following steps to locate and download interim fixes for your application server:
  1. Click the following link to get to the list of Liberty interim fix download packages that include APAR PH46332 on Fix Central:
    • PH46332 interim fixes for WebSphere Application Server on Fix Central
  2. Locate the download package that applies to your fix pack.
    • Tips:
      • If an interim fix appears in the list with a later APAR number, it means that the new fix includes PH46332. The new fix should be installed instead.
        • Two reasons that more than one APAR fix might be retrieved are: 1) a later CVE was discovered in the same area of code, and 2) the original APAR has a defect.
      • Entering text in the Filter fix details box will dynamically narrow the fix list by matching your text to the details of each fix. You can use this feature to pick out the fix for your fix pack by entering your fix pack number in the Filter fix details box. For example, 9.0.5.7 or 8.5.5.20.
      • If you hover over the link for an interim fix, you will be presented with additional details about the fix, including the applicable fix packs in the Applies to versions field.
  3. Click the interim fix package that you want to download.
    • Download the ReadMe.txt file for installation instructions.
    • Download the interim fix (the zip file).

Problems Solved

PH46332, PH01621

Change History

20 Oct 2022: Superseded fix with PH50116 and removed fix links.

Technical Support

Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

Document Information

Modified date:
20 October 2022

UID

ibm16602629