IBM Support

PM86791; 8.5.0.2: Potential security vulnerability

Download


Abstract

Potential security vulnerability

Download Description

PM86791 resolves the following problem:

ERROR DESCRIPTION:
Potential security vulnerability


LOCAL FIX:

PROBLEM SUMMARY:
Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file system. To exploit this vulnerability, an attacker must first discover an unprotected server program. The attacker must then exploit another unprotected server program to execute the file and gain access to the system. OpenJPA usage by itself does not introduce the vulnerability. The OpenJPA code ships with WebSphere Application Server, but WebSphere Application Server is NOT vulnerable to this issue.

PROBLEM CONCLUSION:
The code has been updated to resolve this issue.

For more information, please refer to this security bulletin:

http://www-01.ibm.com/support/docview.wss?&uid=swg21635999

Prerequisites

None

Installation Instructions

Please review the readme.txt, which is included with the download file, for detailed installation instructions.

Download Package

8.5.0.1-WS-WASProd_WLPArchive-IFPM86791
Release date: 06-11-2013; Language: US English; Size: 5735334; Platform: AIX
URL: http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.1-WS-WASProd_WLPArchive-IFPM86791&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch

8.5.0.2-WS-WASProd_WLPArchive-IFPM86791
Release date: 06-11-2013; Language: US English; Size: 5735247; Platform: AIX
URL: http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.2-WS-WASProd_WLPArchive-IFPM86791&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch

8.5.0.2-WS-WASProd_WLP-DistOnly-IFPM86791
Release date: 11 Jun 2013; Language: US English; Size: 5921170; Platform: AIX
URL: http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.2-WS-WASProd_WLP-DistOnly-IFPM86791&product=ibm%2FWebSphere%2FWebSphere%20Application%20Server&source=dbluesearch

8.5.0.1-WS-WASProd_WLP-DistOnly-IFPM86791
Release date: 11 Jun 2013; Language: US English; Size: 5921162; Platform: AIX
URL: http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.1-WS-WASProd_WLP-DistOnly-IFPM86791&product=ibm%2FWebSphere%2FWebSphere%20Application%20Server&source=dbluesearch

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server
Component: Java Persistence API (JPA)
Platform: AIX, HP-UX, IBM i, Linux, iOS, Solaris, Windows, z/OS
Version: 8.5.0.1; 8.5.0.2
Edition: Liberty
Business Unit: Cloud & Data Platform
Line of Business: Automation

Document Information

Modified date:
15 June 2018

UID

swg24035162