Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (Java CPU October 2016)

Summary

WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty have been published in a security bulletin.

Vulnerability Details

Please consult the Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2016 CPU (CVE-2016-5573, CVE-2016-5597) for vulnerability details and information about fixes.

Affected Products and Versions

• • IBM Business Process Manager V7.5.x through V8.5.7.0 (including Process Federation Server on WebSphere Liberty Profile)
• WebSphere Process Server V7.0.x
• WebSphere Lombardi Edition V7.2.0.x

For_ earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product._

Workarounds and Mitigations

None