Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On

Summary

IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

IBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM Security Access Manager for Enterprise Single Sign-On.

Security Bulletin: Remote code execution vulnerability in the JSF used by WebSphere Application Server

Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904)

IBM Security Access Manager for Enterprise Single Sign-On 8.2.1 | IBM WebSphere Application Server 7.0, 8.5 |

Security Bulletin: Remote code execution vulnerability in the JSF used by WebSphere Application Server

Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840)

Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901)

Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904)

Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926)

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 | IBM WebSphere Application Server 8.5 |

Security Bulletin: Remote code execution vulnerability in the JSF used by WebSphere Application Server

Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840)

Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901)

Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904)

Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926)

Workarounds and Mitigations

None