Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a server-side request forgery, a denial of service, an attacker obtaining sensitive information, and gaining elevated privileges due to multiple vulnerabilities.

​IBM WebSphere Application Server for IBM i is vulnerable to a server-side request forgery due to a flaw in parsing the href attribute (CVE-2022-46364), and is affected by an attacker obtaining sensitive information due to improper permissions on a temporary file (CVE-2022-45787), attacker gaining elevated privileges due to an insecure temp file (CVE-2023-0482), and a denial of service due to not limiting the file upload request function (CVE-2023-24998) as described in the vulnerability details section. IBM WebSphere Application Server Liberty for IBM i has addressed the vulnerabilities with a fix as described in the remediation/fixes section. Read More