Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Workload Scheduler (CVE-2016-3092)

Summary

IBM WebSphere Application Server is shipped as a component of Tivoli Workload Scheduler. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin <http://www-01.ibm.com/support/docview.wss?uid=swg21987864&gt; for vulnerability details and information about fixes

Affected Products and Versions

IBM Workload Scheduler is potentially impacted by the listed vulnerability since it potentially affects secure communications between eWAS and subcomponents.

The affected version is:
Tivoli Workload Scheduler Distributed 8.6.0
Tivoli Dynamic Workload Console 8.6.0
Tivoli Workload Scheduler z/OS Connector 8.6.0

Remediation/Fixes

IBM has provided patches for all embedded WebSphere versions.
Follow the instructions in the link below to install the fixes for eWAS 7.0.0.39 that is embedded in TWS 8.6 fixpack 04 :

<http://www-01.ibm.com/support/docview.wss?uid=swg21987864&gt;

For TWS 8.6 version, the fixes can be applied only on top of TWS 8.6 fixpack 04.

For_ unsupported versions, releases or platforms__ IBM recommends upgrading to a fixed, supported version/release/platform of the product._

Workarounds and Mitigations

none