IBM Support

PI33202;8.5.0: Ifix for OAuth in the Liberty profile

Download


Abstract

Potential elevated privileges for OAuth in the Liberty profile

Download Description

PI33202 resolves the following problem:

ERROR DESCRIPTION:
WebSphere Application Server Full Profile and Liberty Profile could allow a remote attacker to gain elevated privileges on the system when the OAuth grant type of password is used.

PROBLEM SUMMARY:
WebSphere Application Server Full Profile and Liberty Profile could allow a remote attacker to gain elevated privileges on the system when the OAuth grant type of password is used.


PROBLEM CONCLUSION:
Install Fix pack or interim fix

The APAR for the same issue in the Full profile is PI36211.

Keywords: IBMWL3WSS, OAUTH, LIBERTY, INTERIMFIX

Prerequisites

None

Installation Instructions

Please review the readme.txt, which is included with the download file, for detailed installation instructions.

Fix readmes (US English):

- 8.5.5.4 Liberty Profile Archive Fix Readme (size 2130): ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI33202/8.5.5.4/readme.txt
- 8.5.0.2 Liberty Profile Archive Fix Readme (size 1962): ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI33202/8.5.0.2/readme.txt
- 8.5.5.2 Liberty Profile Archive Fix Readme (size 1984): ftp://public.dhe.ibm.com/software/websphere/appserv/wlparchive/support/fixes/PI33202/8.5.5.2/readme.txt

Downloads (all dated 03-13-2015, US English, platform listed as AIX):

- 8.5.5.2-WS-WLP-IFPI33202 (size 659862): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.2-WS-WLP-IFPI33202&productid=WebSphere%20Application%20Server&brandid=5
- 8.5.5.4-WS-WLP-IFPI33202 (size 1342489): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.4-WS-WLP-IFPI33202&productid=WebSphere%20Application%20Server&brandid=5
- 8552-wlp-archive-IFPI33202 (size 1840885): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8552-wlp-archive-IFPI33202&productid=WebSphere%20Application%20Server&brandid=5
- 8554-wlp-archive-IFPI33202 (size 2691244): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8554-wlp-archive-IFPI33202&productid=WebSphere%20Application%20Server&brandid=5
- 8.5.0.2-WS-WASProd_WLP-DistOnly-IFPI33202 (size 698088): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.0.2-WS-WASProd_WLP-DistOnly-IFPI33202&productid=WebSphere%20Application%20Server&brandid=5
- 8.5.0.2-WS-WASProd_WLP-OS390-IFPI33202 (size 709366): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.0.2-WS-WASProd_WLP-OS390-IFPI33202&productid=WebSphere%20Application%20Server&brandid=5
- 8.5.0.2-WS-WASProd_WLPArchive-IFPI33202 (size 512102): http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.0.2-WS-WASProd_WLPArchive-IFPI33202&productid=WebSphere%20Application%20Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server
Business Unit: Hybrid Cloud
Component: Security
Platform: AIX, HP-UX, IBM i, Solaris, Windows, z/OS
Version: 8.5.0.2; 8.5.5.2; 8.5.5.4
Edition: Base; Network Deployment

Document Information

Modified date:
15 June 2018

UID

swg24039594