Security Bulletin: Multiple security vulnerabilities in IBM WebSphere Application Server Liberty shipped with IBM Cloud Pak System family products

Summary

IBM WebSphere Application Server is shipped as component of IBM Cloud Pak System family products. Information about security vulnerabilities affecting WebSphere Application Server Liberty have been published in security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Remediation/Fixes

Consult the security bulletin for vulnerability details and information about fixes

• WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2020-4303, CVE-2020-4304)

OR

Upgrade to Cloud Pak System v2.3.2.0 that supports Liberty v19.0.0.12, apply the interim fix as per

• WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2020-4303, CVE-2020-4304)

Information on upgrading available here: http://www.ibm.com/support/docview.wss?uid=ibm10887959.

Workarounds and Mitigations

None