Authors: Created by IBM

There is a vulnerability in the Apache James MIME4J library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 is enabled.This has been addressed. CVEID:  CVE-2022-45787^[1]
DESCRIPTION:  Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files.By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive...

Just published by IBM: Read more

Authors: Created by IBM

There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2 feature enabled.This has been addressed. CVEID:  CVE-2022-46364^[1]
DESCRIPTION:  Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests.By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack.
...

Just published by IBM: Read more

Authors: Created by IBM

File link	File size	File description

...

Just published by IBM: Read more

Authors: Created by IBM

...

Just published by IBM: Read more

Authors: Created by IBM

IBM WebSphere Application Server Liberty Fix pack 23.0.0.1 for all platforms.

Notice: Read the important information included in this document in the Known side effects^[1] section and Regression List^[2] for changes with negative effects.

WebSphere Application Server Liberty 23.0.0.1 content on Fix Central is provided:...

Just published by IBM: Read more