Download
Abstract
IBM WebSphere Application Server is vulnerable to Clickjacking (CVE-2021-39038)
Download Description
PH43760 resolves the following problem:
ERROR DESCRIPTION:
IBM WebSphere Application Server is vulnerable to Clickjacking (CVE-2021-39038)
The APAR for this issue that applies to WebSphere Liberty is PH43223.
PROBLEM SUMMARY:
IBM WebSphere Application Server is vulnerable to Clickjacking (CVE-2021-39038)
PROBLEM CONCLUSION:
Confidential for CVE-2021-39038.
ADDITIONAL STEPS:
After this interim fix is applied, perform the following steps on each of your WebSphere Application Server profiles:
The fix for this APAR is targeted for inclusion in fix pack 9.0.5.12.
For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
None
Installation Instructions
Review the readme.txt for detailed installation instructions.
URL | SIZE (Bytes) |
---|---|
V90 readme file | 2164 |
Download Package
Important note: WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes in this table.
DOWNLOAD | RELEASE DATE | SIZE (BYTES) | PLATFORM | FIXPACKS | URL |
---|---|---|---|---|---|
9.0.5.9-WS-WASProd-DistOnly-IFPH43760 | 17 February 2022 | 1586000 | Distributed | 9.0.5.9 | FC |
9.0.5.10-WS-WASProd-DistOnly-IFPH43760 | 17 February 2022 | 1586041 | Distributed | 9.0.5.10 | FC |
9.0.5.11-WS-WASProd-DistOnly-IFPH43760 | 15 March 2022 | 1586223 | Distributed | 9.0.5.11 | FC |
Note: FC stands for Fix Central. Review the What is Fix Central (FC)? FAQs for more details.
The links to the z/OS fixes were removed from this document on 3/23/2022 due to a packaging issue. These fixes will be restored when they are repackaged.
Problems Solved
PH43760
Change History
- 15 March 2022: Add links to 9.0.5.11 interim fixes.
- 23 March 2022: Remove links to z/OS interim fixes.
Technical Support
Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Document Information
Modified date:
23 March 2022
UID
ibm16557322