Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix
  • WebSphere Application Server
  • Sydney
    United Kingdom
    US South
  • Description
    This security bulletin involves the following CVEs: CVE-2015-0254, CVE-2016-2923, CVE-2016-2945, CVE-2016-0389, CVE-2016-0359, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176, CVE-2016-2108

    There is an XML External Entity Injection (XXE) vulnerability in the Apache Standard Taglibs that affects IBM WebSphere Application Server. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. There is a potential information disclosure vulnerability in Admin Center for IBM WebSphere Application Server Liberty. There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project.

    A user action is needed to update your instances.

    For more information, see the security bulletin.