Potential security exposure after installing an interim fix for WebSphere Application Server PM44303 or a fix pack containing PM44303

Flash (Alert)


Abstract

If you have installed an interim fix for PM44303 or a fix pack containing it, an authenticated user might be able to bypass security restrictions because of an error in validating user credentials.

Content

This issue might allow a user to gain unauthorized administrative access to an application and potentially gain access to confidential and critical customer data.

This WebSphere Application Server issue affects the following products in the Business Process Management family of products due to the WebSphere Application Server underlying infrastructure.

| Products | Versions | Note |
|---|---|---|
| IBM Business Process Manager Standard, IBM Business Process Manager Express, and IBM Business Process Manager Advanced | 8.0 | These products are affected if the underlying WebSphere Application Server infrastructure is V8.0.0 Fix Pack 3 or 4. You can apply the fix using Installation Manager. |
| IBM Business Process Manager Standard, IBM Business Process Manager Express, and IBM Business Process Manager Advanced | 7.5.1, 7.5 | These products are affected if the underlying WebSphere Application Server infrastructure is V7.0.0 Fix Pack 21, 22, or 23. You can apply the fix using Installation Manager. |
| WebSphere Enterprise Service Bus | 7.5.1, 7.5, 7.0 | These product versions are affected if the underlying WebSphere Application Server infrastructure is V7.0.0 Fix Pack 21, 22, or 23. You can apply the fix using Installation Manager. |
| WebSphere Enterprise Service Bus | 6.2, 6.1.2, 6.1 | These product versions are affected if the underlying WebSphere Application Server infrastructure is V6.1.0 Fix Pack 43. You can apply the fix using Update Installer. |
| WebSphere Process Server | 7.0 | This product version is affected if the underlying WebSphere Application Server infrastructure is V7.0.0 Fix Pack 21, 22, or 23. You can apply the fix using Installation Manager. |
| WebSphere Process Server | 6.2, 6.1.2, 6.1 | These product versions are affected if the underlying WebSphere Application Server infrastructure is V6.1.0 Fix Pack 43. You can apply the fix using Update Installer. |
| WebSphere Lombardi Edition | 7.2, 7.1 | These releases were originally bundled with WebSphere Application Server Version 7.0.0 Fix Pack 7. Your environment is not affected unless you specifically upgraded the underlying WebSphere Application Server infrastructure to V7.0.0 Fix Pack 21, 22, or 23. You can apply the fix using Update Installer. |

To determine the underlying WebSphere Application Server fix pack level, use the versioninfo command with your WebSphere Application Server installation. For more information on the command, see the following WebSphere Application Server documents:


For information on installing interim fixes using Installation Manager, see Instructions for installing an interim fix using the IBM Installation Manager.

For more information on this WebSphere Application Server issue, see Potential security exposure with IBM WebSphere Application Server after installing PM44303.
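The check described above (read the fix pack level from the versioninfo report, then compare it with the affected levels in the table) can be scripted. The following is an added example, not IBM code; the report layout of `Name` and `Version` fields, the sample text, and the function names `was_levels` and `assess` are assumptions made for illustration.

```python
import re

# Affected WebSphere Application Server levels from the table in this flash.
AFFECTED = {"8.0.0": {3, 4}, "7.0.0": {21, 22, 23}, "6.1.0": {43}}
FIELD = re.compile(r"^\s*(Name|Version)\s+(\S.*?)\s*$")
LEVEL = re.compile(r"^(\d+\.\d+\.\d+)\.(\d+)$")

# Constructed sample report; the layout is an assumption, not captured output.
SAMPLE = """\
Version Directory    /opt/IBM/WebSphere/AppServer/properties/version

Name                 IBM WebSphere Process Server
Version              7.0.0.4

Name                 IBM WebSphere Application Server - ND
Version              7.0.0.21
"""

def was_levels(report):
    """Return [(release, fix_pack)] for WebSphere Application Server entries only."""
    levels, name = [], ""
    for line in report.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Name":
            name = value
        elif "WebSphere Application Server" in name:
            level = LEVEL.match(value)
            if level:  # ignores non-numeric values such as "Version Directory ..."
                levels.append((level.group(1), int(level.group(2))))
    return levels

def assess(report):
    """Classify a saved versioninfo report against the levels in this flash."""
    levels = was_levels(report)
    found = [f"{rel}.{fp}" for rel, fp in levels]
    hits = [f"{rel}.{fp}" for rel, fp in levels if fp in AFFECTED.get(rel, ())]
    if hits:
        return "affected fix pack", hits
    if "PM44303" in report:  # interim fix applied on a level outside the table
        return "PM44303 interim fix listed", found
    if not levels:
        return "no WebSphere Application Server level found", []
    return "level not listed in this flash", found

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The product-level line of the stacked product (WebSphere Process Server 7.0.0.4 in the sample) is skipped on purpose, because the table keys on the underlying WebSphere Application Server level, not on the level of the product installed on top of it.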


Cross reference information
| Segment | Product | Component | Platform | Version | Edition |
|---|---|---|---|---|---|
| Business Integration | IBM Business Process Manager Advanced | Security | AIX, Linux, Linux zSeries, Solaris, Windows, z/OS | 8.0, 7.5.1, 7.5.0.1, 7.5 | |
| Business Integration | WebSphere Process Server | Security | AIX, HP-UX, i5/OS, Linux, Linux zSeries, Solaris, Windows, z/OS | 7.0.0.5, 7.0.0.4, 7.0.0.3, 7.0.0.2, 7.0.0.1, 7.0, 6.2.0.3, 6.2.0.2, 6.2.0.1, 6.2, 6.1.2.3, 6.1.2.2, 6.1.2.1, 6.1.2, 6.1.0.4, 6.1.0.3, 6.1.0.2, 6.1.0.1, 6.1 | |
| Business Integration | IBM Business Process Manager Standard | Security | AIX, Linux, Linux zSeries, Solaris, Windows | 8.0, 7.5.1, 7.5.0.1, 7.5 | |
| Business Integration | IBM Business Process Manager Express | Security | Linux, Linux zSeries, Windows | 8.0, 7.5.1, 7.5.0.1, 7.5 | |
| Business Integration | WebSphere Lombardi Edition | Security | AIX, Linux, Linux zSeries, Linux/x86, Solaris, Windows | 7.2, 7.1 | |

Product Alias/Synonym

BPM WESB WPS WLE Lombardi


Document information


More support for: WebSphere Enterprise Service Bus

Software version: 6.1, 6.1.2, 6.2, 7.0, 7.5, 7.5.0.1, 7.5.1

Operating system(s): AIX, HP-UX, Linux, Linux iSeries, Linux pSeries, Linux xSeries, Linux zSeries, Solaris, Windows, i5/OS, z/OS

Reference #: 1610371

Modified date: 2012-09-06
