Flash alert for WebSphere Application Server concerning a security risk.
And why post it here? :-) Lotus Connections runs on WAS 220.127.116.11 and thus is vulnerable.
Check out the fix here.
Customers who have Web-based applications, including Web services applications running on WebSphere Application Server, are at risk of an attacker being able to display application-specific files contained within the WAR file. In addition, there is a potential risk for customers who are using the WebSphere administrative console with administrative security disabled. Credit to Edward Schaller for disclosing this problem to IBM.
For V18.104.22.168 through 22.214.171.124:
- Apply Interim Fix APAR PK81387
- Apply Fix Pack 23 or later (126.96.36.199 targeted to be available late March 2009).