Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Network Manager IP Edition (CVE-2016-2960, CVE-2016-0385, CVE-2016-3092)

Summary

IBM WebSphere Application Server is shipped as a component of IBM Tivoli Network Manager IP Edition.
Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in security bulletins.

Vulnerability Details

Consult the security bulletins:
Potential denial of service with SIP Services (CVE-2016-2960)
Potential bypass security in WebSphere Applicaiton Server(CVE-2016-0385)
Open Source Apache Tomcat , Commons FileUpload Vulnerabilities affects WebSphere App Server(CVE-2016-3092)
for vulnerability details and information about fixes.

Affected Products and Versions

Affected Product and Version(s)

| Product and Version shipped as a component
—|—
IBM Tivoli Network Manager 3.9| Bundled the TIP version 2.1.0.x which bundled IBM WebSphere version 7.0.0.x.
IBM Tivoli Network Manager 4.1| Bundled the TIP version 2.2.0.x which bundled IBM WebSphere version 7.0.0.x…
IBM Tivoli Network Manager 4.1.1| Bundled the TIP version 2.2.0.x which bundled IBM WebSphere version 7.0.0.x.
IBM Tivoli Network Manager 4.2| IBM Tivoli Network Manager 4.2 requires to install IBM Websphere Application Server Version 8.5.5.5 or later version separately. Users are recommended to apply IBM WebSphere version 8.5.5.5 Security Interim Fixes…