Lucene search

K
ibmIBMEB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49
HistorySep 26, 2020 - 6:24 p.m.

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2015-0899, CVE-2014-0114, CVE-2016-1181 and CVE-2016-1182)

2020-09-2618:24:35
www.ibm.com
27

0.973 High

EPSS

Percentile

99.9%

Summary

WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s) WebSphere Application Server Version
IBM Security Key Lifecycle Manager 4.0 9.0.5
IBM Security Key Lifecycle Manager 3.0.1 9.0.0.5
IBM Security Key Lifecycle Manager 3.0 9.0.0.5
IBM Security Key Lifecycle Manager 2.7 9.0.0.1

Remediation/Fixes

Please consult the following bulletins:

Security Bulletin: Potential vulnerability in WebSphere Application Server (CVE-2015-0899)
Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114
Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)

for vulnerability details and information about fixes.

Workarounds and Mitigations

None