IBM Support

PI73367:Potential cross-site scripting vulnerability in WebSphere Application Server Admin Console

Download


Abstract

Potential cross-site scripting vulnerability in WebSphere Application Server Admin Console

Download Description

PI73367 resolves the following problem:

ERROR DESCRIPTION:
Potential cross-site scripting vulnerability in WebSphere Application Server Admin Console.

PROBLEM SUMMARY:
Potential cross-site scripting vulnerability in WebSphere Application Server Admin Console.

PROBLEM CONCLUSION:
Confidential for Security Integrity ifix.

THE FOLLOWING FIXES ARE PROVIDED:
7.0.0.29-WS-WAS-IFPI73367.pak installs on 7.0.0.29 through 7.0.0.41.
7.0.0.29-WS-WASEmbeded-IFPI73367.pak installs on 7.0.0.29 through 7.0.0.41.
8.0.0.0-WS-WASEmbeded-IFPI73367.zip installs on 8.0.0.0 through 8.0.0.12.
8.0.0.0-WS-WASProd-IFPI73367.zip installs on 8.0.0.0 through 8.0.0.12.
8.0.0.13-WS-WAS-IFPI73367.zip installs on 8.0.0.13.
8.5.0.0-WS-WAS-IFPI73367.zip installs on 8.5.0.0 through 8.5.0.2.
8.5.5.0-WS-WAS-IFPI73367.zip installs on 8.5.5.0 through 8.5.5.11.
9.0.0.0-WS-WAS-IFPI73367.zip installs on 9.0.0.0 through 9.0.0.2.

Prerequisites

Please download the UpdateInstaller below to install this fix.

[{"PRLabel":"UpdateInstaller","PRLang":"US English","PRSize":"7250000","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991"}]

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"V70 Readme","INLang":"US English","INSize":"5114","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI73367/7.0.0.41/readme.txt"},{"INLabel":"V80 Readme","INLang":"US English","INSize":"2464","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI73367/8.0.0.12/readme.txt"},{"INLabel":"V85 Readme","INLang":"US English","INSize":"2526","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI73367/8.5.5.11/readme.txt"},{"INLabel":"V90 Readme","INLang":"US English","INSize":"2328","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI73367/9.0.0.2/readme.txt"}]
On
[{"DNLabel":"7.0.0.29-WS-WAS-IFPI73367","DNDate":"02-06-2017","DNLang":"US English","DNSize":"37337","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.29-WS-WAS-IFPI73367&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.29-WS-WASEmbeded-IFPI73367","DNDate":"9 Aug 2017","DNLang":"US English","DNSize":"9730","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=7.0.0.29-WS-WASEmbeded-IFPI73367&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.0-WS-WASProd-IFPI73367","DNDate":"02-06-2017","DNLang":"US English","DNSize":"289117","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.0-WS-WASProd-IFPI73367&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.0-WS-WASEmbeded-IFPI73367","DNDate":"02-06-2017","DNLang":"US English","DNSize":"268342","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.0-WS-WASEmbeded-IFPI73367&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.13-WS-WAS-IFPI73367","DNDate":"1 Mar 2017","DNLang":"US English","DNSize":"280669","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.0.0.13-WS-WAS-IFPI73367&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.0.0-WS-WAS-IFPI73367","DNDate":"02-06-2017","DNLang":"US English","DNSize":"277465","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.0.0-WS-WAS-IFPI73367&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.0-WS-WAS-IFPI73367","DNDate":"02-06-2017","DNLang":"US English","DNSize":"290594","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.0-WS-WAS-IFPI73367&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"9.0.0.0-WS-WAS-IFPI73367","DNDate":"02-06-2017","DNLang":"US English","DNSize":"277441","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=9.0.0.0-WS-WAS-IFPI73367&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF013","label":"Inspur K-UX"},{"code":"PF016","label":"Linux"},{"code":"PF022","label":"OS X"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF014","label":"iOS"},{"code":"PF035","label":"z\/OS"}],"Version":"9.0.0.1;9.0.0.0;8.5.5.9;8.5.5.8;8.5.5.7;8.5.5.6;8.5.5.5;8.5.5.4;8.5.5.3;8.5.5.2;8.5.5.10;8.5.5.1;8.5.5;8.5.0.2;8.5.0.1;8.5;8.0.0.9;8.0.0.8;8.0.0.7;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.2;8.0.0.12;8.0.0.11;8.0.0.10;8.0.0.1;8.0;7.0.0.41;7.0.0.39;7.0.0.37;7.0.0.35;7.0.0.33;7.0.0.31;7.0.0.29;9.0.0.2;8.5.5.11;8.0.0.13","Edition":"Advanced;Base;Developer;Enterprise;Express;Network Deployment;Single Server","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24043318