Home » IBM WebSphere Application Server: Security warning about a number of IT vulnerabilities

IBM WebSphere Application Server: Security warning about a number of IT vulnerabilities

by admin
IBM WebSphere Application Server: Security warning about a number of IT vulnerabilities

An IT safety alert replace for a recognized vulnerability has been issued for IBM WebSphere Application Server. You can learn the outline of the safety holes together with the most recent updates and details about the affected working programs and merchandise right here.

Federal workplace for Security in Information Technology (BSI) has printed an replace on June 2, 2024 to a high-risk safety gap in IBM WebSphere Application Server recognized on April 16, 2024. The safety vulnerability impacts Linux, MacOS

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: IBM Security Bulletin 7156265 (As of June 3, 2024). Some helpful assets are listed later on this article.

Multiple vulnerabilities in IBM WebSphere utility server – Vulnerability: Moderate

Risk stage: 3 (average)
CVSS Base Score: 7.0
CVSS provisional rating: 6.1
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc programs. The CVSS normal makes it potential to match potential or precise safety dangers based mostly on varied standards with a purpose to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally consider adjustments over time within the threat scenario. The severity of the present vulnerability is classed as “average” in keeping with the CVSS with a base rating of seven.0.

IBM WebSphere Application Server Bug: Vulnerabilities and CVE numbers

IBM WebSphere Application Server is a J2EE utility server.

See also  WhatsApp update 2023 current: blocking function improved! This feature was long overdue

An attacker from a close-by community or an unknown attacker might exploit sure vulnerabilities in IBM WebSphere Application Server to bypass safety measures, trigger a denial of service, and expose delicate data.

Vulnerabilities are recognized by distinctive CVE (Common Vulnerabilities and Exposures) numbers. CVE-2024-22329 and CVE-2024-22354 on the market.

Systems affected by the safety hole at a look

Operating programs
Linux, MacOS X, Windows

Products
IBM WebSphere Service Registry and Repository 8.5 (cpe:/a:ibm:websphere_service_registry_and_repository)
IBM Rational ClearQuest (cpe:/a:ibm:rational_clearquest)
IBM WebSphere Application Server 8.5 (cpe:/a:ibm:websphere_application_server)
IBM WebSphere Application Server 9.0 (cpe:/a:ibm:websphere_application_server)
IBM TXSeries for Multiplatforms 9.1 (cpe:/a:ibm:txseries)
IBM TXSeries for Multiplatforms 8.2 (cpe:/a:ibm:txseries)
IBM TXSeries for Multiplatforms 8.1 (cpe:/a:ibm:txseries)
IBM Business Automation Workflow (cpe:/a:ibm:business_automation_workflow)
IBM Rational ClearCase 9.1 (cpe:/a:ibm:rational_clearcase)
IBM Business Automation Workflow (cpe:/a:ibm:business_automation_workflow)
IBM Tivoli Key Lifecycle Manager (cpe:/a:ibm:tivoli_key_lifecycle_manager)
IBM Rational ClearCase 10.0.0 (cpe:/a:ibm:rational_clearcase)
IBM WebSphere Application Server Liberty

General steps for coping with IT vulnerabilities

  1. Users of affected programs ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by growing a patch or workaround. If safety patches can be found, set up them instantly.
  2. For data, see the sources listed within the subsequent part. This usually incorporates further details about the most recent model of the software program in query and the provision of safety patches or efficiency ideas.
  3. If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to examine each time a producing firm makes a brand new safety replace accessible.

Manufacturer details about updates, patches and workarounds

Here you’ll find some hyperlinks with details about bug reviews, safety fixes and workarounds.

See also  Uber, Moia, Freenow & Co.: That's what the new driving services do

IBM Security Bulletin 7156265 vom 2024-06-03 (02.06.2024)
For extra data, see:

IBM Security Bulletin 7156268 vom 2024-06-03 (02.06.2024)
For extra data, see:

IBM Security Bulletin 7155114 vom 2024-05-29 (28.05.2024)
For extra data, see:

IBM Security Bulletin 7150669 vom 2024-05-09 (09.05.2024)
For extra data, see:

IBM Security Bulletin vom 2024-04-26 (25.04.2024)
For extra data, see:

IBM Security Bulletin 7149055 vom 2024-04-22 (22.04.2024)
For extra data, see:

IBM Security Bulletin 7148976 vom 2024-04-22 (21.04.2024)
For extra data, see:

IBM Security Bulletin 7148974 vom 2024-04-22 (21.04.2024)
For extra data, see:

IBM Security Bulletin 7148751 vom 2024-04-19 (18.04.2024)
For extra data, see:

IBM Security Bulletin 7148501 vom 2024-04-17 (17.04.2024)
For extra data, see:

IBM Security Bulletin vom 2024-04-16 (16.04.2024)
For extra data, see:

IBM Security Bulletin vom 2024-04-16 (16.04.2024)
For extra data, see:

Version historical past of this safety alert

This is model 9 of this IBM WebSphere Application Server IT safety advisory. If additional updates are introduced, this doc can be up to date. You can see the adjustments made utilizing the model historical past beneath.

April 16, 2024 – First model
April 17, 2024 – Added new updates from IBM
April 18, 2024 – Added new updates from IBM
April 21, 2024 – Added new updates from IBM
April 22, 2024 – Added new updates from IBM
April 25, 2024 – Added new updates from IBM
May 9, 2024 – New updates from IBM added
May 28, 2024 – New updates from IBM added
June 2, 2024 – New updates from IBM added

See also  Biopharmaceutical company Ascendis Pharma opens new office in Munich

+++ Editorial notice: This doc is predicated on present BSI information and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll find sizzling information, present movies and a direct line to the editorial staff.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy