WebSphere Application Server Archives

IBM i PTF Guide, Volume 24, Number 12

March 23, 2022 Doug Bidwell

And the security vulnerabilities just keep on a-coming. This time, it is with the WebSphere Application Server. Check out Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038), which you can read all about here. The affected products are WebSphere Application Server Liberty, versions 17.0.0.3 through 22.0.0.2 and WebSphere Application Server versions 9.0 through 9.0.5.11.

Also, here some information: The default location of ACS is updated whenever there is a Cumulative update or upgrade to a OS level. (\\&SystemName\root\QIBM\ProdData\Access\ACS\Base). Here are fixes for this:
- IBM i 7.4: SI77377 – ACS 1.1.8.8
…
Read more
IBM Patches New Security Flaws in Java, OpenSSL

April 3, 2019 Alex Woodie

IBM this week patched a series of flaws in IBM i’s Java environment, including a pair of very serious problems in the OpenJ9 runtime that could allow remote attackers to execute arbitrary code, in addition to a series of less-severe Java vulnerabilities. The company also fixed a new flaw found in IBM i’s OpenSSL implementation.

A total of seven Java flaws that impact IBM i versions 7.1 through 7.3 were addressed with one security bulletin issued by IBM on March 29. IBM issued Group PTFs for each release of the operating system to address them. A single OpenSSL flaw also …
Read more
Pay Attention To JDK And WebSphere Release Support

April 2, 2018 Timothy Prickett Morgan

IBM i shops don’t have to use Big Blue’s WebSphere Application Server middleware to create Java, since some of the Java functions are built into the Apache Web server built into the operating system and open source programs like the Tomcat server, while not still supported, are nonetheless sometimes still used. Still other shops don’t go for the full-on WebSphere Application Server, but use the Express Edition that is bundled on the machine to provide a certain level of automation for Java workloads.

IBM has been warning customers that they have to keep current on Java Development Kit (JDK) releases, …
Read more
IBM Patches Another BIND Flaw In IBM i

March 28, 2018 Alex Woodie

A serious flaw has been discovered in the BIND networking service that could be used to launch a denial of service attack against impacted servers, including IBM i. IBM patched the flaw in every version of the OS from IBM i 6.1 to 7.3 with a program temporary fix (PTF) made available earlier this month. IBM also patched a serious flaw in WebSphere that could let information leak out.

According to the IBM security bulletin issued March 12, the ISC BIND flaw known as CVE-2017-3145 has the potential to allow a remote attacker to crash a vulnerable server by sending …
Read more
IBM Will Change WebSphere To Work In A Cloudy World

March 26, 2018 Timothy Prickett Morgan

If you had to pick one product that put IBM back on the map in software, it would have to be the WebSphere Application Server that was wrapped around the Apache Web server for the 1998 Winter Olympics in Nagano, Japan. That was back when Big Blue was the technology sponsor for the Olympics, and it used the summer and winter events, each held every four years and out of phase by two years, as a showcase for new technologies. Two years is a Moore’s Law gap, so it worked out nicely.

WebSphere was the pet project of Tom Rosamilia, …
Read more
IBM Patches ‘ROBOT’ Flaw in IBM i Crypto Library

February 21, 2018 Alex Woodie

IBM has issued patches to fix a serious security problem in the IBM Global Security Kit, or GSKit, a relatively obscure crypto package that implements SSL/TLS encryption algorithms across a variety of IBM products, including IBM i. An old flaw in the underlying RSA crypto algorithm that could let hackers decrypt data in a “side channel” attack has resurfaced under a new moniker: “ROBOT.”

GSKit is an IBM toolkit that implements various encryption-related functions, including symmetric and asymmetric ciphers, random number generation, hashing algorithms, and encryption key management capabilities, for products that need over-the-wire encryption, including IBM i, Linux, and …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

IBM i PTF Guide, Volume 24, Number 12

IBM Patches New Security Flaws in Java, OpenSSL

Pay Attention To JDK And WebSphere Release Support

IBM Patches Another BIND Flaw In IBM i

IBM Will Change WebSphere To Work In A Cloudy World

IBM Patches ‘ROBOT’ Flaw in IBM i Crypto Library

Content archive

Recent Posts

Subscribe

Pages

Search