IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect WebSphere Application Server shipped with SmartCloud Provisioning

Share this post:

Multiple vulnerabilities in IBM SDK Java Technology Edition affect WebSphere Application Server shipped with SmartCloud Provisioning. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. Note that product software support discontinuance is approaching as per IBM Withdrawal Announcement 916-016 and fixes will only be available on request. For IBM Withdrawal Announcement details see the

CVE(s):CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448

Affected product(s) and affected version(s):

Primary Product Versions Affected Supporting Product Versions
IBM SmartCloud Provisioning V2.1, V2.1.0.1, V2.1.0.2, V2.1.0.3, V2.1.0.4, V2.1.0.5 and all releases of IBM SmartCloud Provisioning V2.1.0 for IBM Software Virtual Appliance IBM WebSphere Application Server V8.0
IBM SmartCloud Provisioning V2.3, V2.3.0.1, V2.3.0.1 from Interim Fix 1 to Interim Fix 7 IBM WebSphere Application Server V8.0.1 through V8.0.0.11

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg2C1000105
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/109946
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/109948
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/109415
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/109949

More stories

IBM Product Security Incident Response

Acknowledgement

May 16, 2022

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services. Disclosures for 2022 Credit to Sankk Dahal Christoph Petersen (Linkedin, Twitter) Abhinav Porwal Sagar Chanchal Disclosures for 2021 Keith Lee Credit to Hassan Raza Disclosures for 2020 ...read more


A new and advanced Rowhammer-based attack on DDR4 memory

March 11, 2020

A new and advanced Rowhammer-based attack on DDR4 memory was announced on March 10, 2020. (CVE-2020-10255) The attack has been shown to cause memory corruption in lab environments. Vulnerability exploitation on IBM Power processor architectures, IBM Z-based architectures, IBM Cloud and IBM storage products would be difficult. No customer actions are currently required. IBM Power ...read more


XSA-353 Security Vulnerabilities

November 13, 2019

Security vulnerability CVE-2020-29479 could potentially enable a denial of service attack or allow unauthorized access to the hypervisor, and is addressed by Citrix in XSA-353 security advisories. IBM Cloud has worked with its technology partners to deploy mitigation and remediation measures. There is no known malicious exploit of this vulnerability at this time. ...read more