The WebSphere Liberty Server must install security-relevant software updates within the time period directed by an authoritative source.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-250349	SRG-APP-000456-AS-000266	IBMW-LS-001170	SV-250349r961683_rule	2025-02-11	2

Description
Security vulnerabilities are often addressed by testing and applying the latest security patches and fix packs. The latest fixpacks can be found at: http://www-01.ibm.com/support/docview.wss?uid=swg27009661

ℹ️ Check
Use the "productInfo(.bat/.sh) version" command to determine the WebSphere version. Review the patch level and fix pack. Review the latest fixpacks at: http://www-01.ibm.com/support/docview.wss?uid=swg27009661 and determine if the system is operating at the latest patch level. If the most recent patches/fix packs have not been applied, this is a finding.

✔️ Fix
Obtain WebSphere Liberty product security and patch support at http://www-01.ibm.com/support/docview.wss?uid=swg27009661. Run the productInfo validate command to validate the MD5 checksum file for server installation and each feature. If a feature is not valid, the command outputs an error and lists the manifest file for the affected feature. The following example validates the features for the current installation and outputs the results to the validate.txt file: productInfo validate --output=/tmp/validate.txt

✔️ Fix

Obtain WebSphere Liberty product security and patch support at http://www-01.ibm.com/support/docview.wss?uid=swg27009661. Run the productInfo validate command to validate the MD5 checksum file for server installation and each feature. If a feature is not valid, the command outputs an error and lists the manifest file for the affected feature. The following example validates the features for the current installation and outputs the results to the validate.txt file: productInfo validate --output=/tmp/validate.txt