IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM® Java SDK updates in Apri 2023. Information about security vulnerabilities affecting IBM WebSphere Application Server Patterns has been published and is referenced in this security bulletin.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM WebSphere Application Server Patterns | 1.0.0.0 - 1.0.0.7 |
IBM WebSphere Application Server Patterns | 2.2.0.0 - 2.3.3.6 |
Please see the Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the April 2023 CPU to determine which IBM WebSphere Application Server versions are affected and to obtain the JDK fixes. The interim fix 1.0.0.0-WS-WASPATTERNS-JDK-2304 can be used to apply the April and July 2022 SDK iFixes in a PureApplication or Cloud Pak System Environment.
Download and apply the interim fix 1.0.0.0-WS-WASPATTERNS-JDK-2304.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | websphere_application_server_patterns | any | cpe:2.3:a:ibm:websphere_application_server_patterns:any:*:*:*:*:*:*:* |