WebSphere Application Server (WSAS) uses a Java Development ToolKit (JDK) as its base component. It is important to remain current on the latest JDK Service Release (SR) for your version of WSAS.
There are many situations where hackers are able to exploit a security hole in the JDK that can expose your environment. Many critical situations have arisen from clients running an older JDK SR which were resolved by updating the JDK to the latest SR. The latest fixes are released as part of quarterly builds that include the CVE - Common Vulnerabilities and Exposure. Thus, the quickest resolution to many problems is achieved by simply upgrading and maintaining the JDK with the latest fixes.
Interim fixes (iFixes or individual apar fixes) will only be supplied on top of the latest Service Release (SRn) or the prior SR(SRn-1). Running on an early SR level puts IBM's ability to deliver interim fixes(iFixes) at risk and thus iFixes will only be supplied on top of the latest SR (SRn) or the prior SR(SRn-1). It is required that you stay current with the latest JDK SR to get a fix.
As part of problem diagnostics you may be requested to upgrade to the latest JDK SR code base, as sometimes there are issues collecting certain types of data with older levels.
1) IBM will not be able to deliver iFixes on early levels of a JDK.
2) You are required to be at the JDK SR levels that are no later than SRn-1.
How to obtain JDK fixes for WebSphere Application Server
Latest Fixpacks for WebSphere/JDK
WAS Support Site