WebSphere Application Server & Liberty

 View Only
  • 1.  Looking for listing of WebSphere vulnerabilities

    IBM Champion
    Posted Wed February 24, 2021 10:19 AM
    Hi,

    I am spinning my wheels here trying to find something.

    I know somewhere in the past I was able to find ALL of the Security Vulnerabilities for WebSphere Application Server is one location. I get the regular individual notifications but that's on a 1-by-1 basis. I need to be able to look up a particular version and determine what Security Fixes are required on top of that version. The context here is the customer only wants to patch N-2 so I don't want to be wading through lots of emails to see which I have to apply.

    I vaguely remember somewhere seeing an entire list of them but the search is killing me.

    Thanks.

    Paul

    ------------------------------
    Paul Fearon
    ------------------------------


  • 2.  RE: Looking for listing of WebSphere vulnerabilities

    Posted Wed February 24, 2021 12:08 PM
    Hi Paul, two resources that will help:

    1) https://www.ibm.com/support/pages/websphere-application-server-and-ibm-http-server-security-bulletin-list

    2) Search for published fixes on your fixpack level: https://www.ibm.com/support/fixcentral
    Note: After you click through the right hand side will have a filter to show Type: interim fix and Category: Security/Integrity which will narrow the results significantly.

    ------------------------------
    Eric Covener
    ------------------------------



  • 3.  RE: Looking for listing of WebSphere vulnerabilities

    IBM Champion
    Posted Wed February 24, 2021 02:45 PM
    Hi Eric,

    Yes the first link I was looking for thanks.

    Paul

    ------------------------------
    Paul Fearon
    ------------------------------



  • 4.  RE: Looking for listing of WebSphere vulnerabilities

    Posted Thu February 25, 2021 05:11 AM
    Hi, You go to IBM XForce and search for "WebSphere Application Server" and look in the Vulnerabilities section.
    https://exchange.xforce.ibmcloud.com/search/websphere%20application%20server

    You could also go to the latest fixlist for the version of tWAS you want and then look up the security fixes,  which are marked with a check.  
    For v905: https://www.ibm.com/support/pages/node/715559
    For v855: https://www.ibm.com/support/pages/node/611243


    Regards,

    Brian S Paskin
    WebSphere, Liberty and MQ Architecture
    Cloud Automation
    IBM Expert Labs


    IBM

    75 Binney Street
    Cambridge, MA 02142-1203
    United States