This security bulletin for WebSphere Application Server is a way for you to obtain security risk assessment information for APARs that are considered Security Integrity. If there is any potential risk of exposure, the APAR will be marked as Security Integrity. Some APARs are marked as Security Integrity that are low risk and do not impact every client. The intention is to provide enough risk assessment information to allow you to assess if a particular APAR will impact your organization.
Each Security Integrity APAR will be listed by leveraging the IBM Xforce vulnerability reporting system. Each APAR is carefully researched and properly analyzed by WebSphere development and an IBM X-Force research team of security experts to properly rate and assess the risk of the vulnerability. The IBM X-Force team uses the industry standard Common Vulnerability Scoring System (CVSS) process for rating.
You can use this information in order to assess if a particular Security Integrity APAR applies to your environment.
Click on the link below to see the Security Bulletins issued for each Fix Pack beginning in March 2012:
WebSphere Application Server Security Bulletin list
Click on a link below to go into the X-Force System and get a list of vulnerability APARs that apply to the selected version of WebSphere Application Server.
WebSphere Application Server vulnerability list
These links are also included in the Recommended fixes for WebSphere Application Server document for future reference.
For more information on IBM X-Force System and services offering, see http://xforce.iss.net/.
Important note: IBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the System z Security web site. Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.