Download

Abstract

This patch provides an update for the IBM Tivoli Monitoring WebSphere components.

Download Description

This fix upgrades the WebSphere Application Server (WAS/IHS) which is shipped as part of the IBM Tivoli Monitoring portal server, to 8.5.5.22 plus more interim fixes referred to as interim fix Block 1. Note this fix is cumulative and includes previous interim fixes plus more fixes.

The fixes included in interim fix Block 1 are:

PH46332:IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477 CVSS 6.1)
PH46816:IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165 CVSS 5.4)
PH46342:IBM WebSphere Application Server is vulnerable to an Information Disclosure (CVE-2022-22473 CVSS 3.7)
PH47531:IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336 CVSS 5.4)
PH47385:IBM WebSphere Application Server is vulnerable to Server-side Request Forgery (CVE-2022-35282 CVSS 4.3)
PH48649: Ship Java 8 SR7 FP15 for WebSphere Application Server traditional bundled Java 8
PH49572: IBM HTTP Server is vulnerable to arbitrary code execution due to Expat (CVE-2022-40674 CVSS 9.8)

Prerequisites

Required	URL	Language
IBM Tivoli Monitoring 6.3.0 Fix Pack 7 Service Pack 5 or later service pack	https://www.ibm.com/support/pages/node/6174183	English

Download Package

Download	Release Date	Language	Download Options What is Fix Central(FC)
6.X.X-TIV-ITM_TEPS_WAS-IHS_ALL_8.55.22.01	Nov 10 2022	English	FC

How critical is this fix?

This fix addresses issues as reported in the following notices:

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2022 CPU plus deferred CVE-2021-2163

Change History

Created or Revised By	Date YYYY/MM/DD	Summary of changes
DMH	2022/11/07	Document Corrected and republished

Off

[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"ARM Category":[{"code":"a8m500000008bmsAAA","label":"TEPS Category-\u003ETEPS eWAS"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"6.3.0"}]

Product Synonym

ITM

Was this topic helpful?

Document Information

Modified date:
07 November 2022

UID

ibm16829171

Tips

IBM Tivoli Monitoring WebSphere Application Server and IHS Upgrade ( 6.X.X-TIV-ITM_TEPS_WAS-IHS_8.55.22.01)