IBM Support

IV67030: CICS EXPLORER SECURITY PROBLEM

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

Direct links to fixes

1.1.0.4-WS-CICSExplorer-WinLin-IV67030
1.0.1.4-WS-CICSExplorer-WinLin
1.0.0.9-OS-CICSEX-WinLin-IV67030

 

APAR status

  • Closed as program error.

Error description

  • CICS Explorer Security Problem

Local fix

  • 



Problem summary


    

  • CICS Explorer allows users to make connections to servers,
encrypted using the SSLv3 protocol. SSLv3 suffers from the
POODLE vulnerability (see
http://www.ibm.com/support/docview.wss?uid=swg21687988 for more
details).

    



Problem conclusion


    

  • Updating all servers to disable SSLv3 is the preferred approach
to avoiding this vulnerability. Additionally, the CICS Explorer
client has been updated to package a new Java Runtime
Environment (JRE) that does not allow SSLv3 connections.
Note that if you are using the CICS Explorer product you must
install a fresh copy, rather than using the update mechanism
within CICS Explorer, to receive the new JRE. If you are using
the CICS Explorer SDK installed into a version of Eclipse, you
must make your own arrangements to update your JRE.
If you try and make a connection to a server that requires SSLv3
after installing this update, you will receive the error
message:
IZE0106E Connect failed with error
"java.security.NoSuchAlgorithmException: SSLv3 SSLContext not
available".
This fix will be made available in Versions 1.1.1.5, 1.1.0.4,
1.0.1.4 and 1.0.0.9 of
the CICS Explorer.
For installation instructions please see:
Ordering maintenance for the IBM CICS Explorer
http://www.ibm.com/support/docview.wss?uid=swg21380083

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV67030
    • 

  • Reported component name
    CICS EXPLORER V
    • 

  • Reported component ID
    5655S9701
    • 

  • Reported release
    100
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2014-11-18
    • 

  • Closed date
    2014-12-09
    • 

  • Last modified date
    2014-12-09
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
IV67031
    

    • 



Modules/Macros


    

  •    EXPLORER

    



Fix information


    

  • Fixed component name
    CICS EXPLORER V
    • 

  • Fixed component ID
    5655S9701
    • 



Applicable component levels


    

  • R111  PSY
       UP
    • 

  • R110  PSY
       UP
    • 

  • R101  PSY
       UP
    • 

  • R100  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSC8GK3","label":"Explorer"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            09 December 2014
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback