IBM Support

PI33357;8.5.0: Privilege Escalation vulnerability on WAS Liberty Profile


Abstract

Privilege Escalation vulnerability on WebSphere Application Server Liberty Profile

Download Description

PI33357 resolves the following problem:

ERROR DESCRIPTION:
WebSphere Application Server Liberty Profile could allow a remote attacker to gain elevated privileges on the system. This could be caused by 'Run-as' user for EJB not being honored under multi-threaded race conditions.

LOCAL FIX:


PROBLEM SUMMARY:
WebSphere Application Server Liberty Profile could allow a remote attacker to gain elevated privileges on the system. This could be caused by Run-as user for EJB not being honored under multi-threaded race conditions.

PROBLEM CONCLUSION:
Apply Interim fix or fix pack containing this APAR.

Prerequisites

None

Installation Instructions

Please review the readme.txt, which is included with the download file, for detailed installation instructions.

Readme (US English, size 2601): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI33357/8.5.5.4/readme.txt
Download package, Date, Language, Size
8.5.5.2-WS-WLP-DistOnly-IFPI33357, 03-03-2015, US English, 213614
8.5.0.2-WS-WASProd_WLP-DistOnly-IFPI33357, 03-03-2015, US English, 2494058
8.5.0.2-WS-WASProd_WLP-OS390-IFPI33357, 03-03-2015, US English, 2505382
8.5.5.2-WS-WLP-OS390-IFPI33357, 03-03-2015, US English, 215432
8.5.5.4-WS-WLP-IFPI33357, 03-03-2015, US English, 216879
8.5.0.2-WS-WASProd_WLPArchive-IFPI33357 (Archive In), 14 May 2015, US English, 2307879
8552-wlp-archive-IFPI33357 (8552&3 Archive Install), 14 May 2015, US English, 1394793
8554-wlp-archive-IFPI33357 (8554 Archive Install), 14 May 2015, US English, 1565959

Every package is listed with the platform label AIX (code PF002) and is ordered through Fix Central at http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=<package name>&productid=WebSphere Application Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server (SSEQTP)
Component: Security
Edition: Liberty
Version: 8.5.5.4;8.5.5.3;8.5.5.2;8.5.0.2
Platform: AIX, HP-UX, IBM i, Inspur K-UX, Linux, iOS, Solaris, Windows, z/OS
Business Unit: Cloud & Data Platform
Line of Business: Automation

Document Information

Modified date:
15 June 2018

UID

swg24039579