Abstract
IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313 CVSS 5.3)
Download Description
PH58869 addresses the following problem:
ERROR DESCRIPTION:
Confidential for Security Integrity interim fix (CVE-2023-50313 CVSS 5.3)
PROBLEM SUMMARY:
Confidential for Security Integrity interim fix (CVE-2023-50313 CVSS 5.3).
PROBLEM CONCLUSION:
Confidential for (CVE-2023-50313 CVSS 5.3).
The fix for this APAR is targeted for inclusion in 8.5.5.26 and 9.0.5.20.
For more information, see Recommended Updates for WebSphere Application Server:
https://www.ibm.com/support/pages/node/715553
The current interim fix for PH58869 is IFPH61068. This fix also resolves PH59304 (IllegalArgumentException when enabling SP800-131/FIPS140-2 with TLSv1.3).
Prerequisites
None
Download Package
IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement beginning in 2021. Use properly registered IDs to download the fixes in this table.
A signature file is provided along with the interim fix. See Verifying WebSphere Application Server release packages and Verifying Liberty release packages.
DOWNLOAD | RELEASE DATE | SIZE(Bytes) | URL |
---|---|---|---|
8.5.5.24-WS-WAS-IFPH61068 | 09 May 2024 | 1303608 | FC |
9.0.5.15-WS-WAS-IFPH61068 | 09 May 2024 | 1741113 | FC |
Note: FC stands for Fix Central. Review the What is Fix Central (FC)? FAQs for more details.
Problems Solved
PH58869 PH59304 PH61068
Known Side Effects
If components of the server are configured to use an SSL Alias that does not exist, some operations may fail with the following exception:
com.ibm.websphere.ssl.SSLException: The specified sslAlias =localhost/DefaultSSLSettings does not exist..
To work around the issue until the configuration can be purged of invalid SSL aliases, set the following security custom property:
com.ibm.websphere.ssl.fallback.for.nonexistent.alias=true
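To find the invalid SSL aliases that need to be purged, the configuration can be audited offline. The following is an added example, not IBM code: it assumes SSL configurations are declared as `repertoire` elements with an `alias` attribute in security.xml and referenced through an `sslConfigAlias` attribute elsewhere, and it runs on constructed, simplified sample XML.

```python
import xml.etree.ElementTree as ET

# Assumption: attribute(s) that reference an SSL configuration by alias.
# Extend this tuple if your configuration uses other reference attributes.
REF_ATTRS = ("sslConfigAlias",)

# Constructed sample documents (simplified, not taken from a real profile).
SECURITY_XML = """<Security>
  <repertoire alias="NodeDefaultSSLSettings"/>
  <repertoire alias="CellDefaultSSLSettings"/>
</Security>"""

SERVER_XML = """<Server name="server1">
  <transportChannels name="SSL_1" sslConfigAlias="NodeDefaultSSLSettings"/>
  <transportChannels name="SSL_2" sslConfigAlias="localhost/DefaultSSLSettings"/>
</Server>"""


def defined_aliases(security_xml):
    """Collect every alias declared by a <repertoire alias="..."> element."""
    root = ET.fromstring(security_xml)
    return {el.get("alias") for el in root.iter("repertoire") if el.get("alias")}


def dangling_references(docs, defined, ref_attrs=REF_ATTRS):
    """Return (document, element name, attribute, alias) for each reference
    whose alias is not declared. Matching is exact and case-sensitive."""
    findings = []
    for doc_name, text in docs.items():
        for el in ET.fromstring(text).iter():
            for attr in ref_attrs:
                alias = el.get(attr)
                if alias and alias not in defined:
                    label = el.get("name") or el.tag
                    findings.append((doc_name, label, attr, alias))
    return findings


if __name__ == "__main__":
    known = defined_aliases(SECURITY_XML)
    for doc, elem, attr, alias in dangling_references({"server.xml": SERVER_XML}, known):
        print(f"{doc}: {elem} {attr}={alias!r} has no matching SSL configuration")
```

Each finding is a reference to correct or remove before the fallback property is unset again.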
Change History
- May 13: Replaced download links with IFPH61068. IFPH61068 resolves/supersedes both PH58869 and PH59304
- April 17: Replaced fixes. Versions of this fix downloaded prior to April 17 (fix ids containing 20240329) may prevent two specialty server types from starting in WebSphere Application Server for Network Deployment and WebSphere Application Server for z/OS, with an exception message containing the following text:
Caused by: com.ibm.websphere.ssl.SSLException: The specified sslAlias =com.ibm.ssl.alias does not exist
The two affected server types are:
  - WebSphere Proxy Servers
  - (java) On Demand Routers
On
Technical Support
Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Document Information
Modified date:
13 May 2024
UID
ibm17145588