Security Bulletin:A security vulnerability has been identified in IBM WebSphere Application Server affects Tivoli Business Service Manager (CVE-2015-1885)

Summary

IBM WebSphere Application Server is shipped as a component of Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin PI36211;8.5.0: Security Integrity ifix for OAuth in the full profile for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
Tivoli Business Service Manager 6.1.x| WebSphere 7.0

Remediation/Fixes

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
Tivoli Business Service Manager 6.1.x| WebSphere 7.0

• Apply Interim Fix PI36211
  -- OR
• Apply Fix Pack 39 (7.0.0.39), or later (targeted availability 18 September 2015).
• After the fix pack is installed, the fix will not be active until the installed OAuth ear, WebSphereOauth20SP.ear, is updated from the (WAS_HOME)/installableApps directory.

See Websphere Application Server Security Bulletin for more details:
<http://www-01.ibm.com/support/docview.wss?uid=swg21959083&gt;