Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights

Summary

Websphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about security vulnerabilities affecting WAS has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Remediation/Fixes

Please consult the security bulletin IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to jose4j (CVE-2023-51775) for vulnerability details and information about fixes.

Please consult the security bulletin IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354) for vulnerability details and information about fixes.

Please consult the security bulletin IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313) for vulnerability details and information about fixes.

Please consult the security bulletin IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329) for vulnerability details and information about fixes.

Please consult the security bulletin IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026) for vulnerability details and information about fixes.

Workarounds and Mitigations

None