Security Bulletin: A security vulnerability has been identified in WebSphere Application Server that ships with Rational Asset Manager (CVE-2017-1151, CVE-2017-1137, CVE-2017-1194)

Summary

WebSphere Application Server is shipped as a component of Rational Asset Manager. Information about security vulnerability affecting the WebSphere Application Server is published in this security bulletin.

Vulnerability Details

You must refer to the following security bulletins for vulnerability details and information about fixes:

• Security Bulletin: Information Disclosure in IBM WebSphere Application Server (CVE-2017-1151)
• Security Bulletin: Potential security vulnerability in WebSphere Application Server Administrative Console (CVE-2017-1137)
• Security Bulletin: Cross-site request forgery in WebSphere Application Server (CVE-2017-1194)

Affected Products and Versions

IBM Rational Asset Manager 7.5, 7.5.1, 7.5.2, and 7.5.3.

Remediation/Fixes

You must refer to the appropriate security bulletin for fix pack releases or an iFix listed in the following table and apply it.

Yes | See the Security Bulletin - CVE-2017-1194 for fix.|

N/A |

N/A
7.5.1| See the Security Bulletin - CVE-2017-1151, Security Bulletin CVE-2017-1137 and Security Bulletin - CVE-2017-1194 for fix.
7.5.2|

No |

N/A | See the Security Bulletin - CVE-2017-1151, Security Bulletin CVE-2017-1137 and Security Bulletin - CVE-2017-1194 for fix.
7.5.3

Workarounds and Mitigations

None.