IBM Support

IT39419: Address Apache Log4j vulnerabilities in the TPF Operations Server 64-bit Java support.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • See Problem Summary.

Local fix

  • NA

Problem summary

  • APAR NUMBER:  IT39419
PRODUCT:  TPF Operations Server Ver 1.2
FUNCTIONAL AREA:  TPF OPERATIONS SERVER VER. 1.2
SHIPPED IN VERSION:  1.2.0.6

ABSTRACT:
Address Apache Log4j vulnerabilities in the TPF Operations
Server 64-bit Java support.

PACKAGE CONTENTS:
(C) com.ibm.tpf.tos64_1.2.6.jar
(C) Log4jPlugin64_1.2.6.jar
(C) TOSApi64_1.2.6.jar

COMMENTS:
TPF Operations Server 64-bit Java support used Apache Log4j
Version 2.13.1, which is affected by CVE-2021-44228.

Problem conclusion

  • SOLUTION:
TPF Operations Server 64-bit Java support is upgraded to Apache
Log4j Version 2.16.0 to address the vulnerability caused by
CVE-2021-44228.

COREQS: NO
None.

MIGRATION CONSIDERATIONS: YES
Before you apply this APAR to your system, ensure that TPF
Operations Server version 1.2.06 or later is installed and
the following APARs are applied in the following order:

IC98246
IT17682
IT20906
IT24582
IT33558
IT34114
IT36459
IT37161
IT27988

To maintain a list of APARs that are applied to your system,
you can create a directory named "APAR" under the TPF
Operations Server base directory, and keep all APAR text
files (ICxxxxx.txt and ITxxxxx.txt) that are applied to your
system as a log.

To apply this APAR to your system, complete the following steps:
1. Transfer and shut down any TPF Operations Server console and
Java API clients.
2. Unzip IT39419.zip to a temporary location.
3. Run "tosapar.bat".
4. Start and transfer any TPF Operations Server console and
Java API clients.



UPDATED INFORMATION UNITS: NO
None.

See your IBM representative if you need additional information.

DOWNLOAD INSTRUCTIONS:
https://www.ibm.com/support/docview.wss?uid=swg27049608

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT39419
    • 

  • Reported component name
    TPF OPS SRV W/2
    • 

  • Reported component ID
    5799GKX00
    • 

  • Reported release
    120
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-12-15
    • 

  • Closed date
    2021-12-20
    • 

  • Last modified date
    2021-12-20
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    TPF OPS SRV W/2
    • 

  • Fixed component ID
    5799GKX00
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB35","label":"Mainframe SW"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSZL53","label":"TPF"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"120"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            21 December 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback