The WebSphere Application Server must remove organization-defined software components after updated versions have been installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-81397 | WBSP-AS-001740 | SV-96111r1_rule | CCI-002617 | medium |
| Description | ||||
| By default, when updating WebSphere application server, the older version of binaries are saved in case a "roll back" is necessary. Not keeping the older version makes it more difficult for attackers to "revert" back to the older version. | ||||
| STIG | Date | |||
| IBM WebSphere Traditional V9.x Security Technical Implementation Guide | 2018-08-24 | |||
Details
Check Text (C-96111r1_chk)
Review System Security Plan and system documentation to locate the "IBM InstallationManager" folder.
Default locations are:
UNIX:
/opt/InstallationManager
Windows:
C:\Program Files\InstallationManager
UNIX:
<IMHOME>/eclipse/tools/imcl -c
Select "P" preferences.
Select "3" Files for rollback.
Windows:
<IMHOME>\eclipse\tools\imcl.exe -c
Select "P" preferences.
Select "3" Files for rollback.
If "Save files for rollback" is checked, this is a finding.
Fix Text (F-88183r1_fix)
Review System Security Plan and system documentation to locate the "IBM InstallationManager" folder.
Default locations are:
UNIX:
/opt/InstallationManager
Windows:
C:\Program Files\InstallationManager
UNIX:
<IMHOME>/eclipse/tools/imcl -c
Select "P" preferences.
Select "3" Files for rollback.
Enter "1" to deselect.
Enter "A" for apply.
Enter "R" to return to Main Menu.
Windows:
<IMHOME>\eclipse\tools\imcl.exe -c
Select "P" preferences.
Select "3" Files for rollback.
Enter "1" to deselect.
Enter "A" for apply.
Enter "R" to return to Main Menu.