IBM Support

Security Bulletin: IBM WebSphere Dynamic Process Edition – Information regarding security vulnerability in IBM SDK for Java, shipped with IBM WebSphere Application Server and addressed by Oracle CPU June 2013

Created by Jens Engelke on
Published URL:
https://www.ibm.com/support/pages/node/230795
230795

Security Bulletin


Summary

Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server included in IBM WebSphere Dynamic Process Edition.

Vulnerability Details

This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM SDK for Java™ and is part of the Oracle April 2013 critical patch updates (CPU) and other security updates from Oracle. For details on these updates refer to the Reference section of this bulletin or refer to the Problem Summary of the Interim Fixes.

IBM WebSphere Dynamic Process Edition is shipped with a version of IBM WebSphere Application Server, which in turn is shipped with an IBM SDK for Java that is based on the Oracle JDK. Oracle has released June 2013 critical patch updates (CPU) which contain security vulnerability fixes and the IBM SDK for Java has been updated to incorporate those updates.

The Oracle June 2013 CPU among other things refers to the following vulnerability, which has been reported previously:

CVE 2013-1571: HTML documentation generated by the Javadoc tool contains a security vulnerability. Refer to this document for more information: http://www.ibm.com/support/docview.wss?uid=swg21642027

Affected Products and Versions

IBM WebSphere Dynamic Process Edition 6.1.2, 6.2.x, 7.0.0, 7.0.1

Remediation/Fixes

Install WebSphere Application Server interim fixes as appropriate for your current WebSphere Application Server version as described in http://www.ibm.com/support/docview.wss?uid=swg21644157

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide
On-line Calculator v2

Off
IBM Security Alerts
Oracle Java SE Critical Patch Update Advisory - June 2013
CVE-2013-1571
X-Force Vulnerability Database

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

2013-08-16 Original Copy Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSBN76","label":"WebSphere Dynamic Process Edition"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"WebSphere Dynamic Process Edition Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.0.1.1;7.0.1;7.0.0.3;7.0.0.2;7.0.0.1;7.0;6.2;6.1.2","Edition":"All Editions","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg21647020

Page Feedback