Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager (BPM) (CVE-2017-1583, CVE-2011-4343)

Summary

WebSphere Application Server is shipped as a component of IBM Business Process Manager. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty have been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin

• Security Bulletin: Multiple vulnerabilities affect Java Server Faces (JSF) used by WebSphere Application Server (CVE-2017-1583, CVE-2011-4343)

for vulnerability details and information about fixes.

Affected Products and Versions

- IBM Business Process Manager V8.0.0.0 through V8.0.1.3

- IBM Business Process Manager V8.5.0.0 through V8.5.0.2

- IBM Business Process Manager V8.5.5.0

- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2

- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06

- IBM Business Process Manager V8.6.0.0

- IBM Business Process Manager Enterprise Service Bus V8.6.0.0

For_ earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product._

Workarounds and Mitigations

None