Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with WebSphere Process Server (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)

Summary

WebSphere Application Server (WAS) is shipped as a component of WebSphere Process Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”.

Vulnerability Details

Please consult Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2016 CPU (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448) for vulnerability details and information about fixes.

Affected Products and Versions

• WebSphere Process Server 7.0.x
• WebSphere Process Server Hypervisor Editions V7.0

General support for WebSphere Process Server ended 2015-04-30. Hypervisor editions were in support until 2015-09-30. You are strongly advised to upgrade to a supported product such as IBM Business Process Manager Advanced Edition.

Remediation/Fixes

Please consult Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2016 CPU (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448) for vulnerability details and information about fixes.

Workarounds and Mitigations

None