Flash alert for WebSphere Application Server concerning a security risk.
And then why post it here :-), Lotus Connections runs on WAS 184.108.40.206
and thus is vulnerably.
Check out the fix here.
Customers who have Web based applications, including Web services applications running on WebSphere Application Server, have the risk of an attacker having the ability to display application specific files contained within the war file. In addition, there is a potential risk for customers who are using the WebSphere administrative console with administrative security disabled. Credit to Edward Schaller for disclosing this problem to IBM.
For V220.127.116.11 through 18.104.22.168:
- Apply Interim Fix APAR PK81387
- Apply Fix Pack 23 or later (22.214.171.124 targeted to be available late March 2009).