Direct links to fixes
APAR status
Closed as program error.
Error description
IBM Dojo Toolkit - CVE-2021-23450 (Publicly disclosed vulnerability)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Control 5.4.x and IBM Storage Insights users * **************************************************************** * PROBLEM DESCRIPTION: * * CVEID: CVE-2021-23450 * * All versions of package dojo are vulnerable to * * Prototype Pollution via the setObject function. * * * * See security bulletin for details of the vulnerabilities: * * https://www.ibm.com/support/pages/node/6561029 * * * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
The fix for this APAR is contained in the following releases: IBM Spectrum Control 5.4.6 [ 5.4.6-IBM-SC ] https://www.ibm.com/support/pages/node/359939 IBM Storage Insights 1Q22 [ 54X-IBM-SI ] ( 1Q 2022 / March )
Temporary fix
Comments
APAR Information
APAR number
IT39890
Reported component name
TPC
Reported component ID
5608TPC00
Reported release
545
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-02-07
Closed date
2022-03-22
Last modified date
2022-03-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TPC
Fixed component ID
5608TPC00
Applicable component levels
[{"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSNE44","label":"Tivoli Storage Productivity Center"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"545"}]
Document Information
Modified date:
25 June 2022