History: Jun 16, 2018 - 9:58 p.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security/Tivoli Directory Server (CVE-2016-5983 and CVE-2016-5986)

2018-06-16 21:58:56
www.ibm.com
CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

Summary

IBM WebSphere Application Server is shipped as a component of IBM Security/Tivoli Directory Server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in security bulletins.

Vulnerability Details

Please see the following security bulletins for vulnerability details:
Code execution vulnerability in WebSphere Application Server (CVE-2016-5983)
Potential Information Disclosure vulnerability in WebSphere Application Server (CVE-2016-5986)

Affected Products and Versions

Affected Product and Version(s) | Product and Version shipped as a component
---|---
IBM Security Directory Server Version 6.4 | IBM WebSphere Application Server Version 8.5.5.9
IBM Security Directory Server Version 6.3.1 and Tivoli Directory Server Version 6.3 | IBM WebSphere Application Server Version 7.0.0.41

Remediation/Fixes

Apply WebSphere Application Server Interim Fix PI70737 for CVE-2016-5983 and Interim Fix PI67093 for CVE-2016-5986.
After applying the interim fixes, refer to the SDS recommended fixes.
Note: 8.5.5.11 already includes both vulnerability fixes.

Workarounds and Mitigations

None
