STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM WebSphere Liberty Server Security Technical Implementation Guide

V-250349

CAT II (Medium)

The WebSphere Liberty Server must install security-relevant software updates within the time period directed by an authoritative source.

Rule ID

SV-250349r1137612_rule

STIG

IBM WebSphere Liberty Server Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-002605

Discussion

Security vulnerabilities are often addressed by testing and applying the latest security patches and fix packs. The latest fixpacks can be found at: http://www-01.ibm.com/support/docview.wss?uid=swg27009661

Check Content

Use the "productInfo(.bat/.sh) version" command to determine the WebSphere version. Review the patch level and fix pack. 

Review the latest fixpacks at: http://www-01.ibm.com/support/docview.wss?uid=swg27009661 and determine if the system is operating at the latest patch level.

If the most recent patches/fix packs have not been applied, this is a finding.

Fix Text

Obtain WebSphere Liberty product security and patch support at http://www-01.ibm.com/support/docview.wss?uid=swg27009661. 

Run the productInfo validate command to validate the MD5 checksum file for server installation and each feature.

If a feature is not valid, the command outputs an error and lists the manifest file for the affected feature. The following example validates the features for the current installation and outputs the results to the validate.txt file:

productInfo validate --output=/tmp/validate.txt