Security Bulletin
Summary
Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server, IBM WebSphere Application Server Hypervisor, WebSphere Application Server Liberty Profile and IBM HTTP Server.
Affected Products and Versions
The following IBM WebSphere Application Server Versions are affected:
- Version 8.5.5 Full Profile and Liberty Profile
- Version 8.5
- Version 8
- Version 7
Remediation/Fixes
Refer to Security bulletins already published: vulnerabilities
PI49272 Cross-site scripting vulnerability in IBM WebSphere Application Server
PI50993 Apache HTTPComponents vulnerabilities in IBM WebSphere Application Server
PI52395 and PI54962 Vulnerabilities in GSKit component used by IBM HTTP Server
PI58003 Cross-site scripting vulnerability in IBM WebSphere Application Server
If you are using a Docker image built on the websphere-liberty image from Docker Hub, ensure that you are building on a version containing Fix Pack 9 (8.5.5.9), or later. You can use the command "productInfo version" to determine the version contained in an image, for example "docker run websphere-liberty productInfo version".
Get Notified about Future Security Bulletins
References
Change History
18 March 2016: original document published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21979087