Flash alert for WebSphere Application Server concerning a security risk.
So why post it here? :-) Lotus Connections runs on WAS 126.96.36.199
and is thus vulnerable.
Check out the fix here.
Customers who have Web-based applications, including Web services applications running on WebSphere Application Server, are at risk of an attacker being able to display application-specific files contained within the WAR file. In addition, there is a potential risk for customers who are using the WebSphere administrative console with administrative security disabled. Credit to Edward Schaller for disclosing this problem to IBM.
For V188.8.131.52 through 184.108.40.206:
- Apply Interim Fix APAR PK81387
- Apply Fix Pack 23 or later (220.127.116.11 targeted to be available late March 2009).