IBM Support

PI83563: UPDATE THE BATIK LIBRARY IN ISCLITE.EAR TO 1.9

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The batik library 1.6.1 in isclite.ear has XXE vulnerability
    CVE-2017-5662
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: Batik 1.6.1 vulnerable jar was being    *
    *                      utilized in components                  *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    An Open Source Apache Batik 1.6.1 jar was being used which was
    vulnerable.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI83563

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-06-26

  • Closed date

    2017-09-18

  • Last modified date

    2017-09-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R800 PSY

       UP

  • R900 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
19 October 2021