IBM Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-5983)

IBM WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition. A potential code execution security vulnerability has been identified in WebSphere Application Server. This issue was also addressed by IBM Business Process Manager Standard and IBM Tivoli System Automation Application Manager, which are shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition. The issue was also addressed by IBM Tivoli Monitoring, Jazz for Service Management, and SmartCloud Cost Manager, which are shipped with IBM Cloud Orchestrator Enterprise edition.

CVE(s): CVE-2016-5983

Affected product(s) and affected version(s):

IBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3

  • IBM WebSphere Application Server 8.5.5 through 8.5.5.7
  • Business Process Manager 8.5.6
  • Tivoli System Application Automation Manager 4.1

IBM Cloud Orchestrator V2.3, V2.3.0.1

  • IBM WebSphere Application Server 8.0.1 through 8.0.11
  • Business Process Manager 8.5.0.1

IBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3

  • IBM WebSphere Application Server 8.5.5 through 8.5.5.7
  • SmartCloud Cost Manager 2.1.0.5 – 2.1.0.4
  • IBM Tivoli Monitoring 6.3.0.2
  • Jazz for Service Management 1.1.0.1

IBM Cloud Orchestrator Enterprise V2.3, V2.3.0.1

  • IBM Tivoli Monitoring 6.3.0.1
  • Business Process Manager 8.5.0.1
  • SmartCloud Cost Manager 2.1.0.3
  • Jazz for Service Management 1.1.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2pbG5lG
X-Force Database: http://ift.tt/2cX6Wuu



from IBM Product Security Incident Response Team http://ift.tt/2pbLbOJ