Lucene search

K
ibmIBM019F23A3AAFAD4919B6106A6E7DC0182EE72C7EC2EF686F12146B41D4C9DC04A
HistoryDec 06, 2018 - 6:40 a.m.

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2015-0899)

2018-12-0606:40:02
www.ibm.com
10

EPSS

0.949

Percentile

99.3%

Summary

WebSphere Application Server is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin Security Bulletin: Potential vulnerability in WebSphere Application Server (CVE-2015-0899) for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s)

|

Affected Supporting Product and Version

β€”|β€”

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1, V2.5.02. V2.5.0.3, V2.5.0.4, V2.5.0.5, V2.5.0.6

|

  • WebSphere Application Server V8.5.5 through V8.5.5.12

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4, V2.4.0.5

|

  • WebSphere Application Server V8.5

Remediation/Fixes

The recommended solution is to apply the fixes as soon as practical.

Principal Product and Version(s) VRMF Remediation/First Fix
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6

Upgrade to IBM Cloud Orchestrator 2.5 Fix Pack 7:
<https://www-01.ibm.com/support/docview.wss?uid=ibm10718247&gt;

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5 | After you upgrade to minimal fix pack levels as required by interim fix, apply the appropriate Interim to your environment as soon as practical. For details, see

Security Bulletin: Potential vulnerability in WebSphere Application Server (CVE-2015-0899)

Workarounds and Mitigations

None

EPSS

0.949

Percentile

99.3%