IBM Support

IBM Tivoli Monitoring WebSphere Application Server and IHS Upgrade ( 6.X.X-TIV-ITM_TEPS_WAS-IHS_ALL_8.55.24.01)

Download


Abstract

This patch provides an update for the IBM Tivoli Monitoring WebSphere components.

Download Description

This fix upgrades the WebSphere Application Server (WAS/IHS) which is shipped as part of the IBM Tivoli Monitoring portal server, to 8.5.5.24 plus more interim fixes referred to as interim fix Block 1.  Note this fix is cumulative and includes previous interim fixes plus more fixes.  


The fixes included in interim fix Block 1 are:

PH50863:IBM WebSphere Application Server Liberty is vulnerable to a Denial of Service (CVE-2023-24998 CVSS 7.5)
PH53014: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690 CVSS 6.1)
PH52546:IBM HTTP Server is vulnerable to information disclosure due to IBM GSKit (CVE-2023-32342 CVSS 7.5)
PH48747:IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161 CVSS 4.8)
PH53252:XXE Injection Vulnerability in WebSphere Application Server (CVE-2023-27554 CVSS 6.3)
PH52785:IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966 CVSS 6.1)
PH54406:IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890)
PH54908: Ship Java 8 SR8 FP5 for WebSphere Application Server traditional bundled Java 8


 

Prerequisites

Required URL Language
IBM Tivoli Monitoring 6.3.0 Fix Pack 7 Service Pack 5 or later service pack https://www.ibm.com/support/pages/node/6174183 English

Download Package

Download Release Date Language Download Options
What is Fix Central(FC)
6.X.X-TIV-ITM_TEPS_WAS-IHS_ALL_8.55.24.01  Aug 31 2023 English FC

How critical is this fix?

This fix addresses issues as reported in the following notices:

Change History

Created or Revised By Date YYYY/MM/DD Summary of changes
DMH 2023/08/31 Document Published

Off
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"ARM Category":[{"code":"a8m500000008bmsAAA","label":"TEPS Category-\u003ETEPS eWAS"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"6.3.0"}]

Product Synonym

ITM

Document Information

Modified date:
31 August 2023

UID

ibm17006035

Page Feedback