Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2016-8919)

Summary

WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, and WebSphere Lombardi Edition. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin

• Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)
  for vulnerability details and information about fixes.

Affected Products and Versions

- IBM Business Process Manager V7.5.0.0 through V7.5.1.2

- IBM Business Process Manager V8.0.0.0 through V8.0.1.3

- IBM Business Process Manager V8.5.0.0 through V8.5.0.2

- IBM Business Process Manager V8.5.5.0

- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2

- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 CF 2017.03

- WebSphere Process Server V7.0.x

- WebSphere Lombardi Edition V7.2.0.x

At the time of shipping IBM Business Process Manager V8.5.7.0 CF 2017.03, WebSphere Application Server 8.5.5.11 is the latest available fixpack. CF 2017.03 installation instructions include a reference to this vulnerability and advise to manually install the required Interim Fix.

For_ earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product._

Workarounds and Mitigations

None