Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-8039)

Summary

WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server and User Management Service (new in BAW 18.0.0.1) in IBM Business Automation Workflow and IBM Business Process Manager. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional and WebSphere Application Server Liberty have been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin Potential MITM attack in Apache CXF used by WebSphere Application Server (CVE-2018-8039) for vulnerability details and information about fixes.

Affected Products and Versions

The reported vulnerability affects WebSphere Application Server (traditional) V9, which is not supported by any version of IBM Business Process Manager or IBM Business Automation Workflow. The same vulnerability affects WebSphere Application Server Liberty, which is included in IBM Business Process Manager V8.5.5 and later and IBM Business Automation Workflow V18. WebSphere Application Server Liberty is also included in User Management Service shipped with Business Automation Workflow V18.0.0.1.

- IBM Business Process Manager V8.5.5.0

- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2

- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06

- IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03

- IBM Business Automation Workflow V18.0.0.0 through V18.0.0.1