Fixes are available
IBM Spectrum Control V5.2.10 (May 2016)
IBM Spectrum Control V5.2.10.1 (July 2016)
IBM Spectrum Control V5.2.11 (August 2016)
IBM Spectrum Control V5.2.12 (November 2016)
IBM Spectrum Control V5.2.13 (March 2017)
IBM Spectrum Control V5.2.14 (May 2017)
IBM Spectrum Control V5.2.15 (August 2017)
IBM Spectrum Control V5.2.15.2 (November 2017)
IBM Spectrum Control V5.2.16 (March 2018)
IBM Spectrum Control V5.2.17 (May 2018)
APAR status
Closed as program error.
Error description
SSL RC4 Cipher Suites Supported vulnerability detected on a ports of the IBM Spectrum Control machine. Nessus Scan result shows: [9549/tcp/unknown] SSL RC4 Cipher Suites Supported .
Local fix
1. Stop data server and other spectrum control services. 2. Make a backup copy of the original \IBM\TPC\jre\lib\security\java.security file 3. Modify java.security to add "RC4" to two of the properties that disabled algorithms: jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, RC4 jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 768, RC4 * Just add RC4 to them. Don't change anything else. 4. Save the file and start the Spectrum Control services. 5. Test for RC4 vulnerability with the Data Server port 9549 again.
Problem summary
**************************************************************** * USERS AFFECTED: * * TPC and IBM Spectrum Control 5.2.5.1 through 5.2.9 users * **************************************************************** * PROBLEM DESCRIPTION: * * See security bulletin: * * http://www-01.ibm.com/support/docview.wss?uid=swg21883158 * **************************************************************** * RECOMMENDATION: * * Apply fix maintenance when available. * ****************************************************************
Problem conclusion
See security bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21883158 Fixed in IBM Spectrum Control 5.2.10. | MDVPARTL - 5.2-TIV-TPC-RP0006 | | MDVPARTL - 5.2-TIV-TPC-RP0007 | | MDVPARTL - 5.2-TIV-TPC-RP0008 | | MDVPARTL - 5.2-TIV-TPC-RP0009 |
Temporary fix
Comments
APAR Information
APAR number
IT15332
Reported component name
TPC
Reported component ID
5608TPC00
Reported release
528
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-05-17
Closed date
2016-08-04
Last modified date
2016-08-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
SECURITY
Fix information
Fixed component name
TPC
Fixed component ID
5608TPC00
Applicable component levels
R526 PSY
UP
R527 PSY
UP
R528 PSY
UP
R529 PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SS5R93","label":"IBM Spectrum Control"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"528","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
22 February 2022