IBM Support

Security Bulletins for WebSphere Application Server



This security bulletin for WebSphere Application Server is a way for you to obtain security risk assessment information for APARs that are considered Security Integrity. If there is any potential risk of exposure, the APAR is marked as Security Integrity. Some APARs are marked as Security Integrity that are low risk and do not impact every client. The intention is to provide enough risk assessment information to help you assess the impact to your organization

Each Security Integrity APAR is listed by leveraging the IBM Xforce vulnerability reporting system. Each APAR is carefully researched and properly analyzed by WebSphere development and an IBM X-Force research team of security experts to properly rate and assess the risk of the vulnerability. The IBM X-Force team uses the industry standard Common Vulnerability Scoring System (CVSS) process for rating.

You can use this information in order to assess if a particular Security Integrity APAR applies to your environment.


There is a document WebSphere Application Server and IBM HTTP server Security Bulletin List that includes all CVEs from 2014 to the present that affect either WebSphere Application Server or IBM HTTP server.

If you subscribe to My Notifications, a notification is sent every time a new Security bulletin is published for WebSphere Application Server. You can also refer to the Recommended fixes for WebSphere Application Server document Fix List for links to security bulletins that have been included for each fix pack level.

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

Important note: IBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the System z Security web site. Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5;8.5;8.0;7.0;6.1;6.0;5.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
23 February 2022