IBM Support

IJ17380: ATTEMPTING TO OPEN AN OFFENSE CAN FAIL WHEN THERE ARE A LARGE NUMBER OF NETWORKS ASSOCIATED TO IT

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • It has been identified that attempting to load an Offense can
    fail when an offense has a large number of networks associated
    with it.
    Messages similar to the following might be visible in
    /var/log/qradar.log when this issue is available:
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary] Caused by:
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary] java.lang.StackOverflowError
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    org.apache.openjpa.lib.util.J2DoPrivHelper$59.run(J2DoPrivHelper
    .java:1219)
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    org.apache.openjpa.lib.util.J2DoPrivHelper$59.run(J2DoPrivHelper
    .java:1217)
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    java.security.AccessController.doPrivileged(AccessController.jav
    a:647)
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    org.apache.openjpa.persistence.AnnotationPersistenceXMLMetaDataP
    arser.parseXMLClassAnnotations(AnnotationPersistenceXMLMetaDataP
    arser.java:161)
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    org.apache.openjpa.persistence.AnnotationPersistenceXMLMetaDataP
    arser.parse(AnnotationPersistenceXMLMetaDataParser.java:153)
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    org.apache.openjpa.persistence.PersistenceMetaDataFactory.loadXM
    LMetaData(PersistenceMetaDataFactory.java:579)
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    org.apache.openjpa.meta.MetaDataRepository.getXMLMetaDataInterna
    l(MetaDataRepository.java:2429)
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    org.apache.openjpa.meta.MetaDataRepository.getXMLMetaData(MetaDa
    taRepository.java:2412)
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    org.apache.openjpa.kernel.exps.AbstractExpressionBuilder.travers
    ePath(AbstractExpressionBuilder.java:314)
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    org.apache.openjpa.kernel.jpql.JPQLExpressionBuilder.getPath(JPQ
    LExpressionBuilder.java:2000)
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    org.apache.openjpa.kernel.jpql.JPQLExpressionBuilder.getPathOrCo
    nstant(JPQLExpressionBuilder.java:1920)
    [tomcat.tomcat] [user@127.0.0.1 (2281)
    /console/do/sem/offensesummary]    at
    org.apache.openjpa.kernel.jpql.JPQLExpressionBuilder.eval(JPQLEx
    pressionBuilder.java:1207)
    [tomcat.tomcat] [user@127.0.0.1
    

Local fix

  • Where possible, modify the user needing access to the Offense
    to be an Admin
    

Problem summary

  • This issue was fixed in QRadar QRM QVM release of 7.4.0 Fix Pack
    3 and 7.3.3 FixPack 4.
    

Problem conclusion

  • This issue was fixed in QRadar QRM QVM release of 7.4.0 Fix Pack
    3 and 7.3.3 FixPack 4.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ17380

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    732

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-07-02

  • Closed date

    2020-06-16

  • Last modified date

    2020-07-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"732"}]

Document Information

Modified date:
15 July 2020