Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The WebSphere Liberty Server must install security-relevant software updates within the time period directed by an authoritative source.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-250349 | IBMW-LS-001170 | SV-250349r850908_rule | Medium |
| Description |
|---|
| Security vulnerabilities are often addressed by testing and applying the latest security patches and fix packs. The latest fixpacks can be found at: http://www-01.ibm.com/support/docview.wss?uid=swg27009661 |
| STIG | Date |
|---|---|
| IBM WebSphere Liberty Server Security Technical Implementation Guide | 2022-09-09 |
Details
| Check Text ( C-53784r795098_chk ) |
|---|
| Use the "productInfo(.bat/.sh) version" command to determine the WebSphere version. Review the patch level and fix pack. Review the latest fixpacks at: http://www-01.ibm.com/support/docview.wss?uid=swg27009661 and determine if the system is operating at the latest patch level. If the most recent patches/fix packs have not been applied, this is a finding. |
| Fix Text (F-53738r795099_fix) |
|---|
| Obtain WebSphere Liberty product security and patch support at http://www-01.ibm.com/support/docview.wss?uid=swg27009661. Run the productInfo validate command to validate the MD5 checksum file for server installation and each feature. If a feature is not valid, the command outputs an error and lists the manifest file for the affected feature. The following example validates the features for the current installation and outputs the results to the validate.txt file: productInfo validate --output=/tmp/validate.txt |