IBM® SDK Java™ Technology Edition integrated within WebSphere Application Server is shipped as a component of IBM Tivoli Network Manager IP Edition. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.
Please consult the security bulletin Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU for vulnerability details.
Affected Product and Version(s)
| Product and Version shipped as a component
—|—
Tivoli Network Manager 3.8| Bundled the TIP version 1.1.1.x, IBM WebSphere version 6.1.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 5.
Tivoli Network Manager 3.9| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6.
Tivoli Network Manager 4.1| Bundled the TIP version 2.2.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6.
Tivoli Network Manager 4.1.1| Bundled the TIP version 2.2.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6.
Upgrade your SDK to an interim fix level as determined below:
_<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>_****_
_
Download and apply the interim fix APARs below, for your appropriate release:
For Tivoli Network Manager IP Edition 3.9, 4.1 and 4.1.1 versions, WebSphere V7.0.0.0 through 7.0.0.33:
Apply Interim Fix PI20799: Will upgrade you to IBM Java SDK Version 6 Service Refresh 16 Fix Pack 1
--OR–
Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 35 (7.0.0.35) or later (targeted to be available 13 October 2014).
**
For Tivoli Network Manager IP Edition 3.8 version, WebSphere V6.1.0.0 through 6.1.0.47:**
Contact IBM Support and apply Interim Fix PI20800: Will upgrade you to IBM Java SDK Version 5.0 Service Refresh 16 Fix Pack 7