Download
Downloadable File
File link | File size | File description |
---|---|---|
Abstract
IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450 CVSS 9.8)
Download Description
View the CVE-2021-44228 Security Bulletin for PH42728
View the CVE-2020-5258 Security Bulletin for PH34122
ERROR DESCRIPTION:
IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450 CVSS 9.8)
![](https://www.ibm.com/support/pages/system/files/support/swg/swgtech.nsf/0/291c36701745df5a85257f06006eb66f/Content/0.7DB6.gif)
IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450 CVSS 9.8)
Confidential for CVE-2021-23450.
Note: Since PH42762 removes Apache Log4j from WebSphere Application Server, when a fix packaged to address PH43148 is installed, Apache Log4j is also removed from WebSphere Application Server. |
No more steps are required for WebSphere Application Server Base.
If you are running WebSphere Application Server Network Deployment, more steps might be required for your deployment manager profiles.
Procedure:
After this interim fix is applied, perform the following steps on each of your WebSphere Application Server Network Deployment deployment manager profiles:
|
- The presence of the dojo.zip file depends on how the profile was initially created. If it was created with the Profile Management Tool with the Cell (deployment manager and federated application server) selection, the dojo.zip file will exist in your deployment manager profile.
For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
URL | SIZE (Bytes) |
---|---|
UpdateInstaller | 7250000 |
Installation Instructions
URL | SIZE (Bytes) |
---|---|
V90 readme file | 3761 |
V85 readme file | 3896 |
V80 readme file | 3780 |
V70 readme file | 6476 |
Download Package
DOWNLOAD | RELEASE DATE | SIZE (BYTES) | FIXPACKS | URL |
---|---|---|---|---|
9.0.5.3-WS-WASProd-IFPH43148 | 16 February 2022 | 16642605 | 9.0.5.3 through 9.0.5.10 | FC |
9.0.5.11-WS-WASProd-IFPH43148 | 15 March 2022 | 16612468 | 9.0.5.11 | FC |
8.5.5.10-WS-WASProd-IFPH43148 | 16 February 2022 | 16458210 | 8.5.5.10 through 8.5.5.21 | FC |
8.0.0.15-WS-WASProd-IFPH43148 | 01 March 2022 | 16437309 | 8.0.0.15 | FC |
8.0.0.15-WS-WASEmbeded-IFPH43148 | 01 March 2022 | 9454459 | 8.0.0.15 | FC |
7.0.0.45-WS-WAS-IFPH43148 | 16 February 2022 | 15531372 | 7.0.0.45 | FC |
Problems Solved
Change History
- 15 March 2022: Add 9.0.5.11 interim fix.
Technical Support
Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
01 April 2022
UID
ibm16557298