Viewing server vulnerabilities

You can view the vulnerabilities that currently affect a server and information about fixes that were applied to the server on the server details page.

About this task

You must have a user profile with the View WebSphere inventory permission or the Manage WebSphere inventory permission. For more information, see Configuring roles and permissions.

Procedure

  1. Log in to WebSphere Automation; in the menu, click Operate > Application runtimes.
    For more information, see Accessing the WebSphere Automation UI.
  2. You can see the vulnerabilities for an individual server by clicking the server name in the Server column on the Security page or Server management page, then clicking the Vulnerabilities tab in the server details page.

    The Vulnerabilities page opens. An example appears in the following image.

    Figure 1. Viewing Server vulnerabilities page with a list of CVEs that affect the server
    Example Server vulnerabilities page showing list of CVEs that affect the server. Column headings include Risk level, CVE, Status, Days exposed, Detection date.

    If you do not see the menu option Operate > Application Runtimes, or if you see a message that you are not authorized, then you do not have permission to access the page. For more information about permissions, see Roles and permissions.

    Note the following controls:
    • Filtering options:
      CVE
      To show only the servers affected by a CVE, check the box for that CVE in the list. You can select more than one CVE.
    • Sorting options (column headings):
      Risk level
      The numerical rating of the severity of the vulnerability on a scale of 0 to 10, according to the Common Vulnerability Scoring System (CVSS).
      Status
      Either Resolved or Unresolved, depending on whether the applicable fix was applied to the server.
    • Download audit report: Click this link to generate a comma-separated text file with a listing of all of the CVEs that have affected this server. For more information, see Generating an audit report with CVEs for a server.
    Note the following additional column headings:
    CVE
    The CVE ID for the common vulnerability or exposure. You can click this link to open the details page for this CVE.
    Days exposed
    The number of days that the server has been exposed to this vulnerability. WebSphere Automation only accounts for days that the server was exposed beginning with the date that the server was registered. If the applicable fix was installed and then uninstalled, the days during which the fix was installed are not included in the total.
    Detection date
    The date that WebSphere Automation detected the vulnerability on this server.
  3. Use the data to assess the registration status of your application servers.
  4. Click Fix history to see a list of all of the fixes that have been applied to the server while being monitored by WebSphere Automation.
    Figure 2. Viewing Server vulnerabilities page with a history of fixes that are installed on the server
    Example Server vulnerabilities page showing history of fixes that are installed on the server. Column headings include Fix, Action, CVE, and Notification time.
    Note the following controls:
    • Filtering options:
      Fix
      To show only one or more fixes, select them from the list of fixes that were applied to this server.
      Action
      To show only one type of fix action, select it from the list. A fix can be either installed or uninstalled.
      CVE
      To show only the fixes that pertain to one or more associated CVEs, select them from the list of CVEs.
      Time interval
      The number of days for which activity is shown. You can select the last 7, 30, 60, or 90 days, or all of the days for which the server has been monitored by WebSphere Automation.
    • Download audit report: Click this link to generate a comma-separated text file with a complete listing of the fixes that have been applied to this server. For more information, see Generating an audit report with fix history for a server.
    Note the column headings:
    Fix
    The unique identifier of the fix.
    Action
    The action that was taken for the indicated fix. Possible actions are installed or uninstalled.
    CVE
    The CVEs that were associated with the fix. If more than one CVE is associated with a fix, click the link to show more. You can click the CVE link to open the details page for the CVE.
    Notification time
    The date of the action that is indicated for the fix.
  5. Click Fix management to see the installation history for all of the packages of fixes for the server.
    Example Server vulnerabilities page showing the history of fix management records for the server. Column headings include Fix number, Fix package name, Action, Status, Initiation time, and Completion time.
    Note the following controls:
    • Filtering options:
      Status
      To show fix management records of a particular status, select one or more states from the list. For more information, see the description of the Status column.
      Action
      To show fix management records that involve installing a fix, select Install. To show fix management records that involve uninstalling a fix, select Uninstall.
    • Download audit report: Click this link to generate an audit report with fix management records for this server in comma-separated text format. For more information, see Generating an audit report of fix management records for a server.
    • Uninstall latest package: Click this link to uninstall only the most recently applied fix package. If you want to uninstall a fix package that is not the most recent, you must first uninstall the more recently applied fix packages in succession.
    Note the column headings:
    Fix number
    The unique, arbitrary number of the fix management record.
    Fix package name
    The ID for the interim fix or fix pack associated with the fix management record.
    Action
    Indicates whether the fix package is being installed or uninstalled as part of this fix management record.
    Status
    The state of the fix. The possible states are:
    • Ready to install. WebSphere Automation has the fix and is ready to install it. To begin the installation of the fix, click the Install fix link in the same row.
    • Fetching fix. WebSphere Automation is still receiving the fix.
    • Installing fix. The fix is being installed.
    • Successful. Depending on the indicated action, the fix is either successfully installed on, or successfully uninstalled from, the selected servers.
    • Failed. The installation of the fix failed. Check the runbook.log file for more information about the cause of the failure.
    • Uninstalling package. The uninstallation of the fix package is in progress.
    Initiation time
    The date that the fix management record is created.
    Completion time
    The date and time of the completion of the action indicated for the fix management record. If the completion date shows Pending for a fix management record, the fix is fetched but is not automatically installed.
    Note the following additional controls:
    Install fix
    When a fix is ready to be installed, the Status column for the Installation ID displays Ready to install and an Install fix link appears in the row. To install the fix on the indicated servers, click Install fix.
    Page controls
    You can select the number of servers to display per page, and move from page to page when the list requires more than one page.
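
The Days exposed and Status columns can be cross-checked against the install and uninstall actions in Fix history. The following Python sketch is an added example, not IBM code or part of WebSphere Automation. It applies the counting rule described above to constructed dates. The function name, the whole-day arithmetic, and the use of the later of the registration and detection dates as the first counted day are assumptions.

```python
from datetime import date

def days_exposed(registered, detected, fix_events, as_of):
    """Return (days_exposed, status) for one CVE on one server.

    fix_events: (date, action) pairs, where action is "installed" or
    "uninstalled", the two actions listed on the Fix history page.
    Assumption: counting starts at max(registered, detected), in whole days.
    """
    start = max(registered, detected)  # days before registration never count
    if as_of < start:
        raise ValueError("as_of is earlier than the first counted day")
    exposed = 0
    cursor = start   # first day of the current unprotected interval
    fixed = False    # True while the applicable fix is installed
    for when, action in sorted(fix_events):
        when = min(max(when, start), as_of)  # clamp to the counting window
        if action == "installed" and not fixed:
            exposed += (when - cursor).days  # close the unprotected interval
            fixed = True
        elif action == "uninstalled" and fixed:
            cursor = when                    # exposure resumes here
            fixed = False
    if not fixed:
        exposed += (as_of - cursor).days     # still exposed on the as_of date
    return exposed, ("Resolved" if fixed else "Unresolved")

# Constructed sample data, not taken from a real audit report.
REGISTERED = date(2024, 1, 1)
DETECTED = date(2024, 1, 10)
HISTORY = [
    (date(2024, 1, 20), "installed"),
    (date(2024, 2, 1), "uninstalled"),
]

if __name__ == "__main__":
    days, status = days_exposed(REGISTERED, DETECTED, HISTORY, date(2024, 2, 11))
    print(f"Days exposed: {days}, Status: {status}")
```

A mismatch between this calculation and the value shown in the UI is a prompt to review the Fix history entries for that CVE, not proof of an error, because the product's exact day rounding is not documented on this page.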