Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty which may impact IBM Streams (CVE-2016-0378)

Summary

IBM WebSphere Application Server (WAS) Liberty profile is shipped as a component of IBM Streams. Information about a security vulnerabilities affecting WAS Liberty profile has been published in a security bulletin.

Vulnerability Details

CVEID: CVE-2016-0378**
DESCRIPTION:** IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by improper handling of exceptions when a default error page does not exist.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112240 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

• • IBM Streams Version 4.2.0.0
• IBM InfoSphere Streams Version 4.1.1.1 and earlier
• IBM InfoSphere Streams Version 4.0.1.2 and earlier
• IBM InfoSphere Streams Version 3.2.1.5 and earlier
• IBM InfoSphere Streams Version 3.1.0.7 and earlier
• IBM InfoSphere Streams Version 3.0.0.5 and earlier

Remediation/Fixes

NOTE: Fix Packs are available on IBM Fix Central.

• Version 4.2.0:
  • Apply 4.2.0 Fix Pack 2 (4.2.0.1) or higher.
• Version 4.1.1:
  • Contact IBM Technical Support.
• Version 4.0.1:
  • Apply 4.0.1 Fix Pack 3 (4.0.1.3) or higher.
• Version 3.2.1:
  • Apply 3.2.1 Fix Pack 6 (3.2.1.6) or higher.
• Version 3.1.0:
  • Contact IBM Technical Support.
• Version 3.0.0:
  • Contact IBM Technical Support.

Workarounds and Mitigations

None