History: May 28, 2024 - 7:54 p.m.

Security Bulletin: WebSphere Application Server Liberty is vulnerable to denial of service (CVE-2023-38737)

2024-05-28 19:54:18
www.ibm.com
ibm spectrum protect
workstations central administration
websphere application server liberty
upgrade
security vulnerability
version 24.0.0.3

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 5.8 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 23.5%)

Summary

IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to the security bulletin listed in the Remediation/Fixes section.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s): IBM Storage Protect for Workstations
Version(s): 8.1

Remediation/Fixes

Upgrading Liberty to 24.0.0.3 or later fixes the security issue (CVE-2023-50312) reported by the following IBM WebSphere Application Server security bulletin:

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312)

To upgrade the version of Liberty used by Central Administration Console (CAC), perform the following steps:

1. Download the Liberty update (e.g., wlp-base-all-24.0.0.3.jar or later) from:

Recommended updates for WebSphere Application Server (ibm.com)

2. Change the file extension from .jar to .zip (e.g., rename wlp-base-all-24.0.0.3.jar, or a later version, to wlp-base-all-24.0.0.3.zip)

3. Run net stop CAC_Service

4. Unzip the file (e.g., unzip wlp-base-all-24.0.0.3.zip)

5. Copy the wlp folder into the CAC install directory, typically C:\Program Files\Tivoli\TSM\CAC

6. Run net start CAC_Service
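
Steps 2 through 6 above as one PowerShell script, an added example rather than IBM's own code; it also backs up the existing wlp folder and checks the installed Liberty version before restarting, which the bulletin does not ask for. The download path, scratch folder and backup folder name are assumptions.

```powershell
# Added example: automates steps 2-6 above. Run from an elevated PowerShell prompt.
# Assumptions (not from the bulletin): the download location in $Jar, the scratch
# folder in $Work and the backup folder name. Adjust $CacDir if CAC lives elsewhere.
$ErrorActionPreference = 'Stop'

$Jar     = "$env:USERPROFILE\Downloads\wlp-base-all-24.0.0.3.jar"  # assumed download path
$CacDir  = 'C:\Program Files\Tivoli\TSM\CAC'                        # typical install directory
$Service = 'CAC_Service'
$Work    = Join-Path $env:TEMP 'wlp-update'                         # assumed scratch folder

if (-not (Test-Path $Jar))    { throw "Liberty update not found: $Jar" }
if (-not (Test-Path $CacDir)) { throw "CAC install directory not found: $CacDir" }

# Step 2: Expand-Archive only accepts a .zip extension, so work on a renamed copy.
$Zip = [IO.Path]::ChangeExtension($Jar, '.zip')
Copy-Item -Path $Jar -Destination $Zip -Force

# Step 3: stop the service and confirm it has stopped before touching its files.
Stop-Service -Name $Service
(Get-Service -Name $Service).WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2))

# Step 4: unzip into a clean scratch folder.
if (Test-Path $Work) { Remove-Item $Work -Recurse -Force }
Expand-Archive -Path $Zip -DestinationPath $Work

# Added precaution: keep the current wlp folder so the change can be rolled back.
$OldWlp = Join-Path $CacDir 'wlp'
if (Test-Path $OldWlp) {
    $Stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    Copy-Item -Path $OldWlp -Destination (Join-Path $CacDir "wlp.bak-$Stamp") -Recurse
}

# Step 5: copy the extracted wlp folder into the CAC install directory.
Copy-Item -Path (Join-Path $Work 'wlp') -Destination $CacDir -Recurse -Force

# Added check: Liberty records its version in this properties file.
$Props = Join-Path $CacDir 'wlp\lib\versions\WebSphereApplicationServer.properties'
$Line  = Select-String -Path $Props -Pattern '^com\.ibm\.websphere\.productVersion=(.+)$'
if (-not $Line) { throw "productVersion not found in $Props" }
$Ver = [version]$Line.Matches[0].Groups[1].Value.Trim()
if ($Ver -lt [version]'24.0.0.3') { throw "Liberty is still at $Ver, expected 24.0.0.3 or later" }

# Step 6: restart the service and report the result.
Start-Service -Name $Service
"Liberty $Ver installed; $Service is $((Get-Service -Name $Service).Status)"
```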

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibm spectrum_protect Match 8.1
