Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational RequisitePro (CVE-2015-1920)

Summary

IBM WebSphere Application Server is shipped as a component of IBM Rational RequisitePro. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2015-1920) for vulnerability details and information about fixes.

Affected Products and Versions

IBM Rational RequisitePro, RequisiteWeb component, Versions 7.1.x.x

Remediation/Fixes

Review the security bulletin referenced above and apply the relevant fixes to your WAS installation used for RequisiteWeb.

Affected Versions

|

** Applying the fix**

—|—
7.1.0.x, 7.1.1.x, and 7.1.2.x| Document 1390803 explains how to update WebSphere Application Server for RequisiteWeb installations at release 7.1.0.x, 7.1.1.x and 7.1.2.x. Consult those instructions when applying the fix.
7.1.3.x and 7.1.4.x| Apply the appropriate WebSphere Application Server fix directly to your RequisiteWeb server host.

Workarounds and Mitigations

None