Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition (CVE-2017-1380)

Summary

WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty have been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin

• Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380)
  for vulnerability details and information about fixes.

Affected Products and Versions

- IBM Business Process Manager V7.5.0.0 through V7.5.1.2

- IBM Business Process Manager V8.0.0.0 through V8.0.1.3

- IBM Business Process Manager V8.5.0.0 through V8.5.0.2

- IBM Business Process Manager V8.5.5.0

- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2

- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06

- WebSphere Process Server V7.0.0.0 through V7.0.0.5

- WebSphere Enterprise Service Bus V7.0.0.0 through V7.0.0.5

- WebSphere Enterprise Service Bus Registry Edition V7.0.0.0 through V7.0.0.5

- WebSphere Enterprise Service Bus V7.5.0.0 through V7.5.1.2

- WebSphere Enterprise Service Bus Registry Edition V7.5.0.0 through V7.5.1.2

- WebSphere Lombardi Edition V7.2.0.0 through V7.2.0.5

For_ earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product._

Workarounds and Mitigations

None