WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server and User Management Service. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty has been published in a security bulletin.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
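Affected Product(s) | Version(s) |
---|---|
IBM Business Automation Workflow | V19.0 |
IBM Business Automation Workflow | V18.0 |
IBM Business Process Manager | 8.6 |
IBM Business Process Manager | 8.5 |
IBM Business Process Manager | 8.0 |
WebSphere Enterprise Service Bus | 7.5 |
WebSphere Enterprise Service Bus | 7.0 |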
Please consult the security bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2019 CPU for vulnerability details and information about fixes.
Additionally, IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus might be affected by the following vulnerabilities:
CVEID: CVE-2019-2981
DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/169287> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-2973
DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/169279> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
None