IBM i PTF Guide, Volume 24, Number 12
March 23, 2022 Doug Bidwell
And the security vulnerabilities just keep on a-coming. This time, it is with the WebSphere Application Server. Check out Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038), which you can read all about here. The affected products are WebSphere Application Server Liberty, versions 17.0.0.3 through 22.0.0.2 and WebSphere Application Server versions 9.0 through 9.0.5.11.
Also, here some information: The default location of ACS is updated whenever there is a Cumulative update or upgrade to a OS level. (\\&SystemName\root\QIBM\ProdData\Access\ACS\Base). Here are fixes for this:
- IBM i 7.4: SI77377 – ACS 1.1.8.8