Potential security vulnerability
PM86791 resolves the following problem:
ERROR DESCRIPTION:
Potential security vulnerability
LOCAL FIX:
PROBLEM SUMMARY:
Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file system. An attacker needs to discover an unprotected server program to exploit this vulnerability. The attacker then needs to exploit another unprotected server program to execute the file and gain access to the system. OpenJPA usage by itself does not introduce the vulnerability. The OpenJPA code ships with the WebSphere Application Server, but WebSphere Application Server is NOT vulnerable to this issue.
PROBLEM CONCLUSION:
The code has been updated to resolve this issue.
For more information please refer to this security bulletin:
http://www-01.ibm.com/support/docview.wss?&uid=swg21635999
Please review the readme.txt, which is included with the download file, for detailed installation instructions.
DOWNLOADS:
- 8.5.0.1-WS-WASProd_WLPArchive-IFPM86791 (date: 06-11-2013, language: US English, size: 5735334, platform: AIX)
  http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.1-WS-WASProd_WLPArchive-IFPM86791&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
- 8.5.0.2-WS-WASProd_WLPArchive-IFPM86791 (date: 06-11-2013, language: US English, size: 5735247, platform: AIX)
  http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.2-WS-WASProd_WLPArchive-IFPM86791&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch
- 8.5.0.2-WS-WASProd_WLP-DistOnly-IFPM86791 (date: 11 Jun 2013, language: US English, size: 5921170, platform: AIX)
  http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.2-WS-WASProd_WLP-DistOnly-IFPM86791&product=ibm%2FWebSphere%2FWebSphere%20Application%20Server&source=dbluesearch
- 8.5.0.1-WS-WASProd_WLP-DistOnly-IFPM86791 (date: 11 Jun 2013, language: US English, size: 5921162, platform: AIX)
  http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.1-WS-WASProd_WLP-DistOnly-IFPM86791&product=ibm%2FWebSphere%2FWebSphere%20Application%20Server&source=dbluesearch
DOCUMENT INFORMATION:
Product: WebSphere Application Server
Component: Java Persistence API (JPA)
Edition: Liberty
Version: 8.5.0.1; 8.5.0.2
Platform: AIX, HP-UX, IBM i, Linux, iOS, Solaris, Windows, z/OS
Business Unit: Cloud & Data Platform
Line of Business: Automation