Direct links to fixes
APAR status
Closed as program error.
Error description
Advisory ADV0038361 - IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Control 5.4.x and IBM Storage Insights users * **************************************************************** * PROBLEM DESCRIPTION: * * CVE-2021-35578 * * Vulnerability in the Java SE, Oracle GraalVM Enterprise * * Edition product of Oracle Java SE (component: JSSE). * * Supported versions that are affected are Java SE: 8u301, * * 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and * * 21.2.0. Easily exploitable vulnerability allows * * unauthenticated attacker with network access via TLS to * * compromise Java SE, Oracle GraalVM Enterprise Edition. * * Successful attacks of this vulnerability can result in * * unauthorized ability to cause a partial denial of service * * (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. * * Note: This vulnerability can only be exploited by supplying * * data to APIs in the specified Component without using * * Untrusted Java Web Start applications or Untrusted Java * * applets, such as through a web service. * * * * See security bulletin for details of the vulnerabilities: * * https://www.ibm.com/support/pages/node/6561029 * * * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
The fix for this APAR is contained in the following releases: IBM Spectrum Control 5.4.6 [ 5.4.6-IBM-SC ] https://www.ibm.com/support/pages/node/359939 IBM Storage Insights 1Q22 [ 54X-IBM-SI ] ( release target 1Q 2022 / March ) The target dates for future releases do not represent a formal commitment by IBM. The dates are subject to change without notice.
Temporary fix
Comments
APAR Information
APAR number
IT39895
Reported component name
TPC
Reported component ID
5608TPC00
Reported release
545
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-02-07
Closed date
2022-03-22
Last modified date
2022-03-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TPC
Fixed component ID
5608TPC00
Applicable component levels
[{"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSNE44","label":"Tivoli Storage Productivity Center"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"545"}]
Document Information
Modified date:
25 June 2022