STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVMs, CTOs, DTMs, and STIGs).

DISA Rule

SV-96115r1_rule

Vulnerability Number

V-81401

Group Title

SRG-APP-000456-AS-000266

Rule Version

WBSP-AS-001760

Severity

CAT II

CCI(s)

• CCI-002605 - The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Weight

10

Fix Recommendation

Sign up to receive WebSphere security bulletins at the IBM website.

Monitor IAVMs, CTOs, and DTMs for update notices affecting WebSphere.

Obtain WebSphere product security and patch support.

Test and apply the latest applicable WebSphere security fixes.

Check Contents

From the admin console, click on "welcome".

Under Suite Name, locate "WebSphere Application Server".

View the "version".

Access IBM support website: https://www.ibm.com/support

Identify the most recent patch/fix version available for the WebSphere Traditional Application Server (not the Liberty version).

If the most recent patches/fix packs have not been applied, this is a finding.

Vulnerability Number

V-81401

Documentable

False

Rule Version

WBSP-AS-001760

Severity Override Guidance

From the admin console, click on "welcome".

Under Suite Name, locate "WebSphere Application Server".

View the "version".

Access IBM support website: https://www.ibm.com/support

Identify the most recent patch/fix version available for the WebSphere Traditional Application Server (not the Liberty version).

If the most recent patches/fix packs have not been applied, this is a finding.

Check Content Reference

M

Target Key

3399

Comments