Security Vulnerabilities in Websphere Portal Server were reported recently and customers were asking me to give an appropriate links for Fixes and Fixpacks. There were released as well along with information on the CVEs. Below information is gathered from IBM Support link and the same information is provided here.<\/p>\n
These Vulnerabilities effect the customer data, so its a good practice to update the Product with Fixes and Fixpacks. Problem with these CVE’s (Common Vulnerabilities and Exposures) are that there is no Workaround given for resolution.<\/p>\n
CVEID:<\/b> CVE-2015-7428<\/u><\/a> CVEID:<\/b> CVE-2015-7455<\/u><\/a> CVEID:<\/b> CVE-2015-7491<\/u><\/a> CVEID:<\/b> CVE-2016-0243<\/u><\/a> CVEID:<\/b> CVE-2016-0244<\/u><\/a> CVEID:<\/b> CVE-2016-0245<\/u><\/a> Link for reference: http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg21976358<\/a><\/p>\n Based on the suggestions given in Support link, we may need to wither apply the interim fix or go for a Fixpack update on Websphere Portal Server product.<\/p>\n Support link suggests to upgrade Portal at latest Fixpacks. The 7 CVEs listed above has the following Fixpacks listed and also has their own individual Fixes to be applied after applying FPs. Below are basic for Portal server v8.5 and v8.0.<\/p>\n For 8.5.0
\n<\/b><\/p>\n
\nCVEID:<\/b> CVE-2015-7457<\/u><\/a><\/p>\n
\n<\/b><\/p>\n
\n<\/b><\/p>\n
\n<\/b><\/p>\n
\n<\/b><\/p>\n
\nUpgrade to Cumulative Fix 09 (CF09)
\n(Combined Cumulative Fixes for WebSphere Portal 8.5.0.0: http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg24037786<\/a>)<\/p>\n