IBM Support

JR55110: MULTIPLE VULNERABILITIES IN IBM SDK FOR JAVA SHIPPED WITH IBM PROCESS DESIGNER AND WEBSPHERE LOMBARDI EDITION

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • There are multiple vulnerabilities in IBM SDK Java Technology
    Edition, which IBM WebSphere Application Server uses in IBM
    Business Process Manager (BPM) and IBM WebSphere Lombardi
    Edition. These issues were disclosed as part of the "Multiple
    vulnerabilities in current releases of the IBM SDK, Java
    Technology Edition" in January 2016. For more information, see
    "Security Bulletin: Security vulnerabilities have been
    identified in IBM WebSphere Application Server shipped with IBM
    Business Process Manager and WebSphere Lombardi Edition
    (CVE-2016-0483, CVE-2016-0475, CVE-2016-0466, CVE-2015-7575,
    CVE-2016-0448)"
    (http://www.ibm.com/support/docview.wss?uid=swg21977021).
    
    PRODUCTS AFFECTED
    IBM BPM Advanced
    IBM BPM Standard
    IBM BPM Express
    WebSphere Lombardi Editon
    

Local fix

Problem summary

  • No additional information is available.
    

Problem conclusion

  • A fix is available for the latest fix pack of all supported
    releases of IBM BPM and WebSphere Lombardi Edition.
    
    On Fix Central (http://www.ibm.com/support/fixcentral), search
    for JR55110:
    
        1. Select IBM Business Process Manager with your edition or
    IBM WebSphere Lombardi Edition from the product selector, the
    installed version to the fix pack level, and your platform, and
    then click Continue.
        2. Select APAR or SPR, enter JR55110, and click Continue.
    
    When you download fix packages, ensure that you also download
    the readme file for each fix. Review each readme file for
    additional installation instructions and information about the
    fix.
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR55110

  • Reported component name

    BPM ADVANCED

  • Reported component ID

    5725C9400

  • Reported release

    751

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-01-27

  • Closed date

    2016-02-23

  • Last modified date

    2016-02-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM ADVANCED

  • Fixed component ID

    5725C9400

Applicable component levels

  • R751 PSY

       UP

  • R801 PSY

       UP

  • R850 PSY

       UP

  • R855 PSY

       UP

  • R856 PSY

       UP

  • R857 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5.1","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
23 February 2016