IBM203E7922106B931362B6100CF9DFF563289FDFFC66DB499B063828A928DEE3ACSecurity Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are used in IBM Security Guardium Key Lifecycle Manager
Summary
WebSphere Application Server and IBM WebSphere Application Server Liberty is shipped as a component of IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security bulletin.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Guardium Key Lifecycle Manager | 3.0, 3.0.1, 4.0, 4.1, 4.1.1, 4.2 |
Remediation/Fixes
IBM encourages customers to update their systems promptly.
| Principal Product and Version(s) | Affected Supporting Product and Version | Remediation/ Fixes |
|---|---|---|
| IBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5 |
Apply IBM SDK Technology Edition 8.0.8.5(or higher)
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | WebSphere Application Server v9.0.5.5
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | Websphere Liberty 21.0.0.6
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | Websphere Liberty 22.0.0.12
For more information, please consult the Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2023 CPU for vulnerability details and information about fixes.
Workarounds and Mitigations
None