The WebSphere Application Server must remove organization-defined software components after updated versions have been installed.

An XCCDF Rule

Description

<VulnDiscussion>By default, when updating WebSphere application server, the older version of binaries are saved in case a "roll back" is necessary. Not keeping the older version makes it more difficult for attackers to "revert" back to the older version.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-96111r1_rule
Severity: Medium
References: CCI-002617
Updated: about 1 year ago

Review System Security Plan and system documentation to locate the "IBM InstallationManager" folder.

Default locations are:
UNIX:
/opt/InstallationManager
Windows:
C:\Program Files\InstallationManager

UNIX:
<IMHOME>/eclipse/tools/imcl -c

Select "P" preferences. 
Select "3" Files for rollback.
Enter "1" to deselect.
Enter "A" for apply.
Enter "R" to return to Main Menu.

Windows:
<IMHOME>\eclipse\tools\imcl.exe -c

Select "P" preferences.
Select "3" Files for rollback.
Enter "1" to deselect.
Enter "A" for apply.
Enter "R" to return to Main Menu.

The WebSphere Application Server must remove organization-defined software components after updated versions have been installed.

Description

Remediation - Manual Procedure