Security Bulletin
Summary
IBM WebSphere Application Server is shipped as a component of multiple IBM Security products. Information about a security vulnerability affecting these products has been published in a security bulletin.
Vulnerability Details
Please consult the security bulletin Classloader Manipulation Vulnerability in IBM WebSphere Application Server (CVE-2014-0114) for vulnerability details.
Affected Products and Versions
|
Principal Product and Versions | Affected Supporting Product and Version |
| IBM Security Access Manager for Enterprise Single Sign-On 8.1 | WebSphere Application Server Network Deployment 7.0 |
| IBM Security Access Manager for Enterprise Single Sign-On 8.2 | WebSphere Application Server Network Deployment 7.0 |
| IBM Security Access Manager for Enterprise Single Sign-On 8.2.1 | WebSphere Application Server Network Deployment 8.5 |
| IBM Tivoli Identity Manager 5.0 | WebSphere Application Server - Base 6.1 WebSphere Application Server Network Deployment 7.0 |
| IBM Tivoli Identity Manager 5.1 | WebSphere Application Server Network Deployment 6.1 WebSphere Application Server Network Deployment 7.0 |
| IBM Security Identity Manager 6.0 | WebSphere Application Server Network Deployment 7.0 |
| IBM Tivoli Access Manager for e-business 6.0, 6.1, 6.1.1 (Note: Version 5.1 is no longer supported. IBM recommends upgrading to a supported version of the product.) | WebSphere Application Server 6.1 and 7.0 |
| IBM Tivoli Federated Identity Manager 6.1.1, 6.2.0, 6.2.1, 6.2.2 | WebSphere Application Server 6.1 and 7.0 |
| IBM Tivoli Federated Identity Manager Business Gateway 6.1.1, 6.2.0, 6.2.1, 6.2.2 | WebSphere Application Server 6.1 and 7.0 |
| IBM Tivoli Key Lifecycle Manager 1.0, 2.0, 2.0.1 | Websphere Application Server 6.1.0.0 through 6.1.0.47 |
| IBM Tivoli Security Policy Manager 7.0, 7.1 | WebSphere Application Server 6.1 and 7.0 |
| IBM Tivoli Directory Server 6.1 | embedded version of IBM WebSphere Application Server 6.1 |
| IBM Tivoli Directory Server 6.2 | embedded version of IBM WebSphere Application Server 6.1 |
| IBM Tivoli Directory Server 6.3 | embedded version of IBM WebSphere Application Server 7.0 |
| IBM Security Directory Server 6.3.1 | embedded version of IBM WebSphere Application Server 7.0 |
| IBM Tivoli Security Information and Event Manager 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.7, 2.0.0.8, 2.0.0.9 | WebSphere Application Server 6.1.0.27 |
Get Notified about Future Security Bulletins
References
Change History
3 June 2014 - Added IBM Tivoli Security Information and Event Manager
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
19 August 2022
UID
swg21674742