Site icon API Security Blog

Security Bulletin: A security vulnerabilities has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2023-28867)

## Summary

WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server (since 8.5.6), and User Management Service (since 18.0.0.1) in IBM Business Automation Workflow traditional. Information about security vulnerabilities affecting IBM WebSphere Application Server Liberty have been published in a security bulletin.

## Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

## Affected Products and Versions

Affected Product(s)| Version(s)| Status| Note
—|—|—|—
IBM Business Automation Workflow containers|

V23.0.1
V22.0.2 – V22.0.2 all fixes
V22.0.1 – V22.0.1 all fixes
V21.0.3 – V21.0.3 all fixes
V21.0.2 all fixes
V20.0.0.2 all fixes
V20.0.0.1 all fixes

| not affected| The vulnerable feature is not installed.
IBM Business Automation Workflow traditional| V23.0.1
V22.0.1 – V22.0.2
V21.0.1 – V21.0.3.1
V20.0.0.1 – V20.0.0.2
V19.0.0.1 – V19.0.0.3
V18.0.0.0 – V18.0.0.2| affected|

Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.

The vulnerable feature is not configured by default and there is no supported use case to add it to your configuration.

IBM Business Automation Workflow Enterprise Service Bus| V23.0.1
V22.0.2| affected|

Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.

The vulnerable feature is not configured by default and there is no supported use case to add it to your configuration.

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

## Remediation/Fixes

Please consult the [Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867)]() for vulnerability details and information about fixes.

## Workarounds and Mitigations

None

##Read More

Exit mobile version