Vulnerability Apache common-collections (CVE-2015-7450) reloaded – Fixes for IBM Connections and WebSphere Portal available

Hi all,

Two weeks ago IBM released fixes for the Apache common-collections security vulnerability specific to WebSphere Application Server (I wrote a blog post about this just two weeks ago –> here).

Last week, additional fixes for WebSphere Portal and IBM Connections were released – thanks IBM for the fast reaction 😉

I HIGHLY recommend all of you to install these fixes on top of your IBM Connections / WebSphere Portal Server. The vulnerability is really critical (CVSS Base Score of 9.8 – Poodle (SSLv3) has a base score of only 4.3). I'm a bit surprised that the community does not talk more about this issue. Very calm compared to the Poodle SSLv3 discussions last year. Seems there are not that many J2EE Application Servers out there as this issue is Java specific 😉

Here are the fixes (you need to install ALL fixes):

IBM Connections

LO87198 (specific for IBM Connections)

and on top of this

PI52103 (specific for WebSphere Application Server)

WebSphere Portal

PI52627, PI52647, PI52882 (specific for WebSphere Portal)

and on top of this

PI52103 (specific for WebSphere Application Server)
