Apr 26, 2022 - 7:55 p.m.

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect for Workstations Central Administration Console (CVE-2021-39031)

2022-04-26 19:55:43
www.ibm.com

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.001 Low

Percentile: 46.7%

Summary

IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to the security bulletin link provided in the Remediation/Fixes section.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Spectrum Protect for Workstations Central Administration Console | 8.1.0.0-8.1.2.x |

Remediation/Fixes

Upgrading Liberty to 22.0.0.2 or later fixes the security issue (CVE-2021-39031) reported by the following IBM WebSphere Application Server Liberty security bulletin:

<https://www.ibm.com/support/pages/node/6550488>

To upgrade the version of Liberty used by Central Administration Console (CAC) perform the following steps:

1. Download the Liberty update (e.g., wlp-base-all-22.0.0.2.jar or later) from:
<https://www.ibm.com/support/pages/22002-websphere-application-server-liberty-22002>

2. Change the jar file to a zip file (e.g., change wlp-base-all-22.0.0.2.jar to wlp-base-all-22.0.0.2.zip or later)

3. Run net stop CAC_Service

4. Unzip the file (e.g., unzip wlp-base-all-22.0.0.2.zip)

5. Copy the wlp folder into the CAC install directory, typically C:\Program Files\Tivoli\TSM\CAC

6. Run net start CAC_Service
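
Added example, not part of the IBM bulletin: a PowerShell check that can be run after step 6 to confirm the Liberty runtime under the CAC install directory is at 22.0.0.2 or later and that CAC_Service is running again. It assumes Liberty records its level in wlp\lib\versions\WebSphereApplicationServer.properties under the key com.ibm.websphere.productVersion; the function names and the sample install trees are constructed for illustration.

```powershell
# Added example (not IBM's code): report whether the Liberty runtime under a
# CAC install directory is at or above the fixed level named in the bulletin.
# Assumption: Liberty records its level in
#   <install>\wlp\lib\versions\WebSphereApplicationServer.properties
# under the key com.ibm.websphere.productVersion.
$FixedLevel = [version]'22.0.0.2'

function Get-LibertyVersion {
    param([Parameter(Mandatory)][string]$InstallDir)
    $props = Join-Path $InstallDir 'wlp\lib\versions\WebSphereApplicationServer.properties'
    if (-not (Test-Path -LiteralPath $props)) {
        throw "Liberty version file not found: $props"
    }
    foreach ($line in Get-Content -LiteralPath $props) {
        if ($line -match '^\s*com\.ibm\.websphere\.productVersion\s*=\s*(\d+(\.\d+){1,3})\s*$') {
            # [version] compares numerically, so 22.0.0.10 sorts after 22.0.0.2
            return [version]$Matches[1]
        }
    }
    throw "com.ibm.websphere.productVersion not found in $props"
}

function Test-CacLiberty {
    param([string]$InstallDir = 'C:\Program Files\Tivoli\TSM\CAC')
    $found = Get-LibertyVersion -InstallDir $InstallDir
    $svc   = Get-Service -Name 'CAC_Service' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        InstallDir     = $InstallDir
        LibertyVersion = $found
        Fixed          = ($found -ge $FixedLevel)
        ServiceStatus  = if ($svc) { $svc.Status } else { 'NotInstalled' }
    }
}

# Constructed sample: two fake install trees, one pre-fix and one post-fix.
foreach ($level in '21.0.0.12', '22.0.0.10') {
    $root = Join-Path ([IO.Path]::GetTempPath()) "cac-demo-$level"
    $dir  = New-Item -ItemType Directory -Force -Path (Join-Path $root 'wlp\lib\versions')
    $file = Join-Path $dir.FullName 'WebSphereApplicationServer.properties'
    Set-Content -LiteralPath $file -Value "com.ibm.websphere.productVersion=$level"
    Test-CacLiberty -InstallDir $root    # Fixed is False for 21.0.0.12, True for 22.0.0.10
    Remove-Item -Recurse -Force $root
}
# On a real CAC host, run with the default path: Test-CacLiberty
```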

Workarounds and Mitigations

None
