JR54748: SECURITY APAR - CVE-2015-7450 - VULNERABILITY IN APACHE COMMONS COLLECTIONS AFFECTS IBM BPM DOCUMENT STORE
Direct links to fixes
Closed as program error.
An Apache Commons Collections vulnerability for handling Java object deserialization affected the IBM Business Process Manager document store.
No additional information is available.
A fix is available for IBM BPM V22.214.171.124, IBM BPM V126.96.36.199, IBM BPM V188.8.131.52, and IBM BPM V184.108.40.206 CF1 that updates the vulnerable open source library in the document store application. On Fix Central (http://www.ibm.com/support/fixcentral), search for JR54748: 1. Select IBM Business Process Manager with your edition from the product selector, the installed version to the fix pack level, and your platform, and then click Continue. 2. Select APAR or SPR, enter JR54748, and click Continue. When you download fix packages, ensure that you also download the readme file for each fix. Review each readme file for additional installation instructions and information about the fix. A fix will be included in an IBM BPM V220.127.116.11 cumulative fix. To determine whether the cumulative fix is available and download it if it is, complete the following steps on Fix Central: 1. Select IBM Business Process Manager with your edition from the product selector, the installed version to the fix pack level, and your platform, and then click Continue. 2. Select Text, enter "cumulative fix", and click Continue.
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels
Translate this page: