Direct links to fixes
APAR status
Closed as program error.
Error description
After upgrading IBM Spectrum Control from 5.2.14 to 5.2.15, a security vulnerability is present: CVE-2015-4000 (SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)).

In <SC installation directory>/wlp/usr/servers/webServer/jvm.options there is no -Djdk.tls.ephemeralDHKeySize=2048 entry.

UPDATED 1/31/2018: Setting this value to 2048 is a more comprehensive fix than the otherwise sufficient value of 1024. See the updated Security Bulletin for CVE-2015-4000: http://www-01.ibm.com/support/docview.wss?uid=swg21961128
Local fix
Edit <SC installation directory>/wlp/usr/servers/webServer/jvm.options by adding:

-Djdk.tls.ephemeralDHKeySize=2048

Save the change and restart the Spectrum Control Web Server.
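A check for the local fix above, as an added example that is not part of the original APAR text: a POSIX shell function that reads a jvm.options file and reports whether -Djdk.tls.ephemeralDHKeySize is set to at least 2048. The function name, the status strings and the sample file are assumptions made for this illustration, as is the rule that a later duplicate of the option overrides an earlier one.

```shell
#!/bin/sh
# Added example (not IBM code): audit a jvm.options file for the
# ephemeral Diffie-Hellman key size named in this APAR.
#
# Prints one status word and returns:
#   ok:<n>       0  numeric value of at least 2048
#   below:<n>    1  numeric value under the 2048 this APAR recommends
#   review:<v>   1  non-numeric value (e.g. "legacy", "matched"), which
#                   does not by itself guarantee a 2048-bit group
#   missing      1  option absent (a commented-out line counts as absent)
#   unreadable   2  file cannot be read
check_dh_keysize() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }

    # Strip CRs (file may have been edited on Windows) and trailing blanks,
    # then keep only lines that start with the option itself. Lines starting
    # with '#' never match. Assumption: if the option is repeated, the last
    # occurrence is the effective one.
    value=$(tr -d '\r' < "$file" \
        | sed -n -e 's/[[:space:]]*$//' \
                 -e 's/^[[:space:]]*-Djdk\.tls\.ephemeralDHKeySize=//p' \
        | tail -n 1)

    case $value in
        '')        echo "missing";       return 1 ;;
        *[!0-9]*)  echo "review:$value"; return 1 ;;
    esac

    if [ "$value" -ge 2048 ]; then
        echo "ok:$value"
        return 0
    fi
    echo "below:$value"
    return 1
}

# Constructed sample input (not taken from a real installation).
demo=$(mktemp)
printf '%s\n' '-Xmx1024m' '# -Djdk.tls.ephemeralDHKeySize=2048' > "$demo"
echo "before fix: $(check_dh_keysize "$demo")"
printf '%s\n' '-Djdk.tls.ephemeralDHKeySize=2048' >> "$demo"
echo "after fix:  $(check_dh_keysize "$demo")"
rm -f "$demo"
```

Point the function at <SC installation directory>/wlp/usr/servers/webServer/jvm.options; the setting only takes effect after the web server restart described above.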
Problem summary
USERS AFFECTED: IBM Spectrum Control 5.2.x users

PROBLEM DESCRIPTION: SECURITY VULNERABILITY: CVE-2015-4000
Review the security bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21961128

RECOMMENDATION: Apply fix maintenance when available
Problem conclusion
The initial fix for this security vulnerability was contained in IBM Spectrum Control 5.2.7, August 2015; see Latest Downloads: http://www-01.ibm.com/support/docview.wss?&uid=swg21320822#52_0

Additional fix for this APAR is contained in the following maintenance package:

IBM Spectrum Control 5.2.16 | refresh pack | 5.2-TIV-TPC-RP0016 | March 2018
http://www.ibm.com/support/docview.wss?&uid=swg21320822

The target dates for future releases do not represent a formal commitment by IBM. The dates are subject to change without notice.
Temporary fix
Comments
APAR Information
APAR number
IT23276
Reported component name
TPC ADVANCED
Reported component ID
5608TPCA0
Reported release
52D
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-11-27
Closed date
2018-01-31
Last modified date
2018-02-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TPC ADVANCED
Fixed component ID
5608TPCA0
Applicable component levels
Document Information
Modified date:
04 September 2023