Download

Abstract

This patch provides an update for the IBM Tivoli Monitoring WebSphere components.

Download Description

This fix upgrades the WebSphere Application Server (WAS/IHS) which is shipped as part of the IBM Tivoli Monitoring portal server, to 8.5.5.25 plus more interim fixes referred to as interim fix Block 2.

This fix only upgrades the IHS for Windows which is shipped as part of the IBM Tivoli Monitoring portal server, to 8.5.5.25 plus more interim fixes referred to as interim fix Block 1.

Note this fix is cumulative and includes previous interim fixes plus more fixes.

The fixes included in interim fix Block 1 are:

PH58869: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313 CVSS 5.3)
PH59117:IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329 CVSS 4.3)
PH59682: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354 CVSS 7.0)
PH59697: IBM HTTP Server is vulnerable to a denial of service due to libexpat (CVE-2023-52425 CVSS 7.5)
PH59781: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026 CVSS 5.9)
PH60195(PH61002): OIDC v1.5.3; IBM WebSphere Application Server is vulnerable to a denial of service due to jose4j (CVE-2023-51775 CVSS 7.5)
PH60619: IBM HTTP Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server (CVE-2024-24795 CVSS 6.5, CVE-2023-38709 CVSS 6.5)

The fixes included in interim fix Block 2 are:

The fixes listed in Block 1 and also

PH60904: Ship Java 8 SR8 FP25 for WebSphere Application Server traditional bundled Java 8

Prerequisites

Required	URL	Language
IBM Tivoli Monitoring 6.3.0 Fix Pack 7 Service Pack 5 or later service pack	https://www.ibm.com/support/pages/node/6174183	English

Download Package

Download	Release Date	Language	Download Options What is Fix Central(FC)
6.X.X-TIV-ITM_TEPS_WAS-IHS_ALL_8.55.25.02	Jun 27 2024	English	FC

How critical is this fix?

This fix addresses issues as reported in the following notices:

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server

Change History

Created or Revised By	Date YYYY/MM/DD	Summary of changes
DMH	2024/06/27	Document Published

Off

[{"Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"ARM Category":[{"code":"a8m500000008bmsAAA","label":"TEPS Category-\u003ETEPS eWAS"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"6.3.0"}]

Product Synonym

ITM

Was this topic helpful?

Document Information

Modified date:
27 June 2024

UID

ibm17159004

Tips

IBM Tivoli Monitoring WebSphere Application Server and IHS Upgrade ( 6.X.X-TIV-ITM_TEPS_WAS-IHS_ALL_8.55.25.02)