Summary

IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM® Java SDK updates in January 2023. Information about security vulnerabilities affecting IBM WebSphere Application Server Patterns has been published and is referenced in this security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

IBM® Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 through 2.3.3.6.

Remediation/Fixes

Please see the Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the January 2023 CPU to determine which IBM WebSphere Application Server versions are affected and to obtain the JDK fixes. The interim fix 1.0.0.0-WS-WASPATTERNS-JDK-2301 can be used to apply the April and July 2022 SDK iFixes in a PureApplication or Cloud Pak System Environment.

Download and apply the interim fix 1.0.0.0-WS-WASPATTERNS-JDK-2301.

Workarounds and Mitigations

None