Security Vulnerabilities in WebSphere Portal Server
Security vulnerabilities in WebSphere Portal Server were reported recently, and customers were asking me for the appropriate links to the Fixes and Fixpacks. These were released as well, along with information on the CVEs. The information below is gathered from the IBM Support link and reproduced here.
These vulnerabilities affect customer data, so it's good practice to update the product with the Fixes and Fixpacks. The problem with these CVEs (Common Vulnerabilities and Exposures) is that no workaround is given for resolution.
CVEID: CVE-2015-7428
CVEID: CVE-2015-7455
CVEID: CVE-2015-7457
CVEID: CVE-2015-7491
CVEID: CVE-2016-0243
CVEID: CVE-2016-0244
CVEID: CVE-2016-0245
Link for reference: http://www-01.ibm.com/support/docview.wss?uid=swg21976358
Based on the suggestions given in the Support link, we may need to either apply the interim fix or go for a Fixpack update on the WebSphere Portal Server product.
The Support link suggests upgrading Portal to the latest Fixpacks. The 7 CVEs listed above have the following Fixpacks listed and also have their own individual Fixes to be applied after applying the Fixpacks. Below are the basics for Portal Server v8.5 and v8.0.
For 8.5.0
Upgrade to Cumulative Fix 09 (CF09)
(Combined Cumulative Fixes for WebSphere Portal 8.5.0.0: http://www-01.ibm.com/support/docview.wss?uid=swg24037786)
For 8.0.0 through 8.0.0.1
Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 20 (CF20)
(Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: http://www-01.ibm.com/support/docview.wss?uid=swg24034497)
