IBM Support

IT39419: Address Apache Log4j vulnerabilities in the TPF Operations Server 64-bit Java support.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • See Problem Summary.
    

Local fix

  • NA
    

Problem summary

  • APAR NUMBER:  IT39419
    PRODUCT:  TPF Operations Server Ver 1.2
    FUNCTIONAL AREA:  TPF OPERATIONS SERVER VER. 1.2
    SHIPPED IN VERSION:  1.2.0.6
    
    ABSTRACT:
    Address Apache Log4j vulnerabilities in the TPF Operations
    Server 64-bit Java support.
    
    PACKAGE CONTENTS:
    (C) com.ibm.tpf.tos64_1.2.6.jar
    (C) Log4jPlugin64_1.2.6.jar
    (C) TOSApi64_1.2.6.jar
    
    COMMENTS:
    TPF Operations Server 64-bit Java support used Apache Log4j
    Version 2.13.1, which is affected by CVE-2021-44228.
    

Problem conclusion

  • SOLUTION:
    TPF Operations Server 64-bit Java support is upgraded to Apache
    Log4j Version 2.16.0 to address the vulnerability caused by
    CVE-2021-44228.
    
    COREQS: NO
    None.
    
    MIGRATION CONSIDERATIONS: YES
    Before you apply this APAR to your system, ensure that TPF
    Operations Server version 1.2.06 or later is installed and
    the following APARs are applied in the following order:
    
    IC98246
    IT17682
    IT20906
    IT24582
    IT33558
    IT34114
    IT36459
    IT37161
    IT27988
    
    To maintain a list of APARs that are applied to your system,
    you can create a directory named "APAR" under the TPF
    Operations Server base directory, and keep all APAR text
    files (ICxxxxx.txt and ITxxxxx.txt) that are applied to your
    system as a log.
    
    To apply this APAR to your system, complete the following steps:
    1. Transfer and shut down any TPF Operations Server console and
    Java API clients.
    2. Unzip IT39419.zip to a temporary location.
    3. Run "tosapar.bat".
    4. Start and transfer any TPF Operations Server console and
    Java API clients.
    
    
    
    UPDATED INFORMATION UNITS: NO
    None.
    
    See your IBM representative if you need additional information.
    
    DOWNLOAD INSTRUCTIONS:
    https://www.ibm.com/support/docview.wss?uid=swg27049608
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT39419

  • Reported component name

    TPF OPS SRV W/2

  • Reported component ID

    5799GKX00

  • Reported release

    120

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-12-15

  • Closed date

    2021-12-20

  • Last modified date

    2021-12-20

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TPF OPS SRV W/2

  • Fixed component ID

    5799GKX00

Applicable component levels

[{"Line of Business":{"code":"LOB35","label":"Mainframe SW"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSZL53","label":"TPF"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"120"}]

Document Information

Modified date:
21 December 2021