WASdev/ci.docker

Misconfigured PATH Variable


We have found an issue during our penetration testing (112718: Misconfigured path variable): the PATH variable is misconfigured
for one of our application images.
The application image uses the WebSphere Liberty container image as the base image (http://icr.io/appcafe/websphere-liberty:22.0.0.6-kernel-java8-ibmjava-ubi). It is observed that the PATH variable is configured such that it checks for binaries in the /opt/ibm/wlp/bin directory first and only later in the /bin directory; a malicious user can create a binary like "ls" and deceive other privileged users into executing the malicious binary.
We found that the PATH variable is misconfigured in the base WebSphere Liberty image:
bash-4.4$ echo $PATH
/opt/ibm/wlp/bin:/opt/ibm/helpers/build:/opt/ibm/java/jre/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
bash-4.4$
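Added example, not from the ci.docker project: a POSIX shell audit of a PATH value along the lines of the finding above. It lists the entries that are searched before the standard system directories (the ones that could shadow a command like `ls`) and, of those, the ones that exist and are writable by the current user; the list of "standard" directories is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the ci.docker project): audit a PATH value the way an
# image review would. SAMPLE_PATH is the value quoted in the issue above.
SAMPLE_PATH='/opt/ibm/wlp/bin:/opt/ibm/helpers/build:/opt/ibm/java/jre/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

# Print every PATH entry that precedes the first standard system directory.
# Anything printed here is consulted before /usr/bin, /bin, etc. and can
# therefore shadow a system command of the same name. (Assumed list of dirs.)
leading_entries() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r d; do
        case "$d" in
            /usr/local/sbin|/usr/local/bin|/usr/sbin|/usr/bin|/sbin|/bin) break ;;
            *) printf '%s\n' "$d" ;;
        esac
    done
}

# Print the leading entries that exist on disk and are writable by the
# current user: a lookalike binary dropped there would win the lookup.
risky_entries() {
    leading_entries "$1" | while IFS= read -r d; do
        if [ -d "$d" ] && [ -w "$d" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Number of risky entries, as a plain integer (wc may pad with spaces).
risky_count() {
    risky_entries "$1" | wc -l | tr -d ' '
}

# Report on the sample PATH from the issue and on this shell's own PATH.
printf 'entries searched before the system dirs: %s\n' \
    "$(leading_entries "$SAMPLE_PATH" | tr '\n' ' ')"
printf 'writable leading entries in this shell PATH: %s\n' "$(risky_count "$PATH")"
```

Run inside the container as the application user; a non-zero count means an unprivileged process in that image could plant a binary ahead of the system directories.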

@crpotter please review and merge this PR to update the submodule to include this fix and refresh the images.

@gcoolgithub we've added the fix to the Dockerfiles. The images will be updated when the builds run next.
Note that 22.0.0.6 is no longer maintained, so you'll have to move up to 22.0.0.9 / 22.0.0.12 / 23.0.0.1 to get the fix (when the images are updated/released).