IBMCF2FBE72883169426AF4B934A63CDBF2BB0EE0F0DAB807F0737C26865AF0ACE3Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server April 2023 CPU that is bundled with IBM WebSphere Application Server Patterns
Summary
IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM® Java SDK updates in Apri 2023. Information about security vulnerabilities affecting IBM WebSphere Application Server Patterns has been published and is referenced in this security bulletin.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
IBM® Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 through 2.3.3.6.
| Affected Product(s) | Version(s) |
|---|---|
| IBM WebSphere Application Server Patterns | 1.0.0.0 - 1.0.0.7 |
| IBM WebSphere Application Server Patterns | 2.2.0.0 - 2.3.3.6 |
Remediation/Fixes
Please see the Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the April 2023 CPU to determine which IBM WebSphere Application Server versions are affected and to obtain the JDK fixes. The interim fix 1.0.0.0-WS-WASPATTERNS-JDK-2304 can be used to apply the April and July 2022 SDK iFixes in a PureApplication or Cloud Pak System Environment.
Download and apply the interim fix 1.0.0.0-WS-WASPATTERNS-JDK-2304.
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server_patterns | any | cpe:2.3:a:ibm:websphere_application_server_patterns:any:*:*:*:*:*:*:* |