IBM Support

Security Bulletins for WebSphere Application Server



This security bulletin for WebSphere Application Server is a way for you to obtain security risk assessment information for APARs that are considered Security Integrity. If there is any potential risk of exposure, the APAR will be marked as Security Integrity. Some APARs are marked as Security Integrity that are low risk and do not impact every client. The intention is to provide enough risk assessment information to allow you to assess if a particular APAR will impact your organization.

Each Security Integrity APAR will be listed by leveraging the IBM Xforce vulnerability reporting system. Each APAR is carefully researched and properly analyzed by WebSphere development and an IBM X-Force research team of security experts to properly rate and assess the risk of the vulnerability. The IBM X-Force team uses the industry standard Common Vulnerability Scoring System (CVSS) process for rating.

You can use this information in order to assess if a particular Security Integrity APAR applies to your environment.


There is a document WebSphere Application Server and IBM HTTP server Security Bulletin List that includes all CVE's from 2014 to the present that affect either WebSphere Application Server or IBM HTTP server.

If you subscribe to My Notifications you will be notified every time a new Security bulletin is published for WebSphere Application Server. You can also refer to the Recommended fixes for WebSphere Application Server document Fix List for links to security bulletins that have been included for each fix pack level.

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

Important note: IBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the System z Security web site. Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.

Internal Use Only

For more than 12 years, the X-Force team has conducted primary research on threats and vulnerability in order to bring accurate assessment of every vulnerability published.

Hi Mary
We finally got ISS system up and running. We only have 2 vulnerability but the links are ready to go. We like for you to update our WebSphere Support page to offer our customers a link to our vulnerability by version for WAS. I am not sure what wording you like to use. I am open to suggestions or I can through something out. In the mean time, here are the links...

For WebSphere Application Server

5.1.1 -
5.1.0 -

6.0 -

6.1 -

7.0 (but there are non at this time)

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5;8.5;8.0;7.0;6.1;6.0;5.1","Edition":""}]

Document Information

Modified date:
15 June 2018