Security Bulletin: A security vulnerability has been identified in the IBM WebSphere Application Server that is shipped with IBM Operations Analytics Predictive Insights (CVE-2017-1731)

Summary

IBM WebSphere Application Server is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting the WebSphere Application Server admin console has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin Security Bulletin: Potential Privilege Escalation in WebSphere Application Server Admin Console (CVE-2017-1731) for vulnerability details and information about fixes.

Affected Products and Versions

IBM Operations Analytics - Predictive Insights 1.3.6 and earlier.

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Operations Analytics Predictive Insights| 1.3.0,
1.3.1,
1.3.2| Upgrade to IBM Operations Analytics Predictive Insights 1.3.6. Then, upgrade IBM WebSphere Application Server to interim fix 8.5.5.7 or later and apply Interim Fix PI89498 to the <WebSphere_HOME> directory.
IBM Operations Analytics Predictive Insights| 1.3.3,
1.3.5| Upgrade IBM WebSphere Application Server to interim fix 8.5.5.7 or 8.5.5.8 and apply Interim Fix PI89498 to the <WebSphere_HOME> directory.
IBM Operations Analytics Predictive Insight_s_| 1.3.6| Upgrade IBM WebSphere Application Server to interim fix 8.5.5.7 or later and apply Interim Fix PI89498 to the <WebSphere_HOME> directory.

Workarounds and Mitigations

None.