Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Business Service Manager (CVE-2015-4938)

Summary

IBM WebSphere Application Server is shipped as a component of Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin PI37396: Potential spoofing vulnerability in WebSphere Application Server for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
Tivoli Business Service Manager 6.1.x| WebSphere 7.0

Remediation/Fixes

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
Tivoli Business Service Manager 6.1.x| WebSphere 7.0

This will be fixed in upcoming WebSphere Application Server Fix packs 70039 (11/2/2015)

Before the fix pack is released, an interim fix for APAR PI37396 can be applied. See <http://www-01.ibm.com/support/docview.wss?uid=swg24040530&gt;