Security Bulletin: Security vulnerabilities have been identified in the WebSphere Application Server where the RAM is deployed.


## Summary In the WebSphere Application Server where the Rational Asset Manager is deployed, a remote attacker could exploit the vulnerabilities such as spoofing attacks, execute arbitrary codes, exploit sensitive information and so on. Information about these security vulnerabilities affecting WebSphere Application Server has been published in security bulletins. ## Vulnerability Details Refer to the security bulletin listed in the Remediation/Fixes section. ## Affected Products and Versions IBM Rational Asset Manager 7.5 and NOTE: Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server. ## Remediation/Fixes Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS). Affected Supporting Product | Affected Supporting Product Security Bulletin ---|--- IBM WebSphere Application Server Version 7.0 | [Security Bulletin: Potential vulnerability in WebSphere Application Server (CVE-2015-0899)](<http://www-01.ibm.com/support/docview.wss?uid=swg22015348>) [Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI](<http://www-01.ibm.com/support/docview.wss?uid=swg22016214>) [Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)](<http://www-01.ibm.com/support/docview.wss?uid=swg22016216>) [Security Bulletin: Information disclosure in WebSphere Application Server with SAML (CVE-2018-1614)](<http://www-01.ibm.com/support/docview.wss?uid=swg22016887>) [Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2018-1621)](<http://www-01.ibm.com/support/docview.wss?uid=swg22016821>) ## Workarounds and Mitigations None. ##

Affected Software

CPE Name Name Version
rational asset manager