Hi,

I am spinning my wheels here trying to find something.

I know somewhere in the past I was able to find ALL of the Security Vulnerabilities for WebSphere Application Server is one location. I get the regular individual notifications but that's on a 1-by-1 basis. I need to be able to look up a particular version and determine what Security Fixes are required on top of that version. The context here is the customer only wants to patch N-2 so I don't want to be wading through lots of emails to see which I have to apply.

I vaguely remember somewhere seeing an entire list of them but the search is killing me.

Thanks.

Paul

------------------------------
Paul Fearon
------------------------------

Hi Paul, two resources that will help:

1) https://www.ibm.com/support/pages/websphere-application-server-and-ibm-http-server-security-bulletin-list

2) Search for published fixes on your fixpack level: https://www.ibm.com/support/fixcentral
Note: After you click through the right hand side will have a filter to show Type: interim fix and Category: Security/Integrity which will narrow the results significantly.

------------------------------
Eric Covener
------------------------------

Original Message:
Sent: Wed February 24, 2021 10:18 AM
From: Paul Fearon
Subject: Looking for listing of WebSphere vulnerabilities

Hi,

I am spinning my wheels here trying to find something.

I know somewhere in the past I was able to find ALL of the Security Vulnerabilities for WebSphere Application Server is one location. I get the regular individual notifications but that's on a 1-by-1 basis. I need to be able to look up a particular version and determine what Security Fixes are required on top of that version. The context here is the customer only wants to patch N-2 so I don't want to be wading through lots of emails to see which I have to apply.

I vaguely remember somewhere seeing an entire list of them but the search is killing me.

Thanks.

Paul

------------------------------
Paul Fearon
------------------------------

Hi Eric,

Yes the first link I was looking for thanks.

Paul

------------------------------
Paul Fearon
------------------------------

Original Message:
Sent: Wed February 24, 2021 12:08 PM
From: Eric Covener
Subject: Looking for listing of WebSphere vulnerabilities

Hi Paul, two resources that will help:

1) https://www.ibm.com/support/pages/websphere-application-server-and-ibm-http-server-security-bulletin-list

2) Search for published fixes on your fixpack level: https://www.ibm.com/support/fixcentral
Note: After you click through the right hand side will have a filter to show Type: interim fix and Category: Security/Integrity which will narrow the results significantly.

------------------------------
Eric Covener

Original Message:
Sent: Wed February 24, 2021 10:18 AM
From: Paul Fearon
Subject: Looking for listing of WebSphere vulnerabilities

Hi,

I am spinning my wheels here trying to find something.

I know somewhere in the past I was able to find ALL of the Security Vulnerabilities for WebSphere Application Server is one location. I get the regular individual notifications but that's on a 1-by-1 basis. I need to be able to look up a particular version and determine what Security Fixes are required on top of that version. The context here is the customer only wants to patch N-2 so I don't want to be wading through lots of emails to see which I have to apply.

I vaguely remember somewhere seeing an entire list of them but the search is killing me.

Thanks.

Paul

------------------------------
Paul Fearon
------------------------------

Original Message:
Sent: 2/24/2021 10:19:00 AM
From: Paul Fearon
Subject: Looking for listing of WebSphere vulnerabilities

Hi,

I am spinning my wheels here trying to find something.

I know somewhere in the past I was able to find ALL of the Security Vulnerabilities for WebSphere Application Server is one location. I get the regular individual notifications but that's on a 1-by-1 basis. I need to be able to look up a particular version and determine what Security Fixes are required on top of that version. The context here is the customer only wants to patch N-2 so I don't want to be wading through lots of emails to see which I have to apply.

I vaguely remember somewhere seeing an entire list of them but the search is killing me.

Thanks.

Paul

------------------------------
Paul Fearon
------------------------------