IT41451: A VULNERABILITY IN APACHE COMMONS CONFIGURATION AFFECTS STERLING C:D FILE AGENT (CVE-2022-3398)

Direct links to fixes

1.4.0.5-SterlingConnectDirectFileAgent-iFix009-zOS
1.4.0.5-SterlingConnectDirectFileAgent-iFix009-Windows
1.4.0.5-SterlingConnectDirectFileAgent-iFix009-Unix
1.4.0.5-SterlingConnectDirectFileAgent-iFix009-LinuxPPC
1.4.0.5-SterlingConnectDirectFileAgent-iFix009-Linux
1.4.0.5-SterlingConnectDirectFileAgent-iFix009-AIX
1.4.0.5-SterlingConnectDirectFileAgent-iFix006-zOS
1.4.0.5-SterlingConnectDirectFileAgent-iFix006-Windows
1.4.0.5-SterlingConnectDirectFileAgent-iFix006-Unix
1.4.0.5-SterlingConnectDirectFileAgent-iFix006-SolarisSPARC
1.4.0.5-SterlingConnectDirectFileAgent-iFix006-LinuxPPC
1.4.0.5-SterlingConnectDirectFileAgent-iFix006-Linux
1.4.0.5-SterlingConnectDirectFileAgent-iFix006-AIX
1.4.0.5-SterlingConnectDirectFileAgent-iFix002-zOS
1.4.0.5-SterlingConnectDirectFileAgent-iFix002-Windows
1.4.0.5-SterlingConnectDirectFileAgent-iFix002-Unix
1.4.0.5-SterlingConnectDirectFileAgent-iFix002-SolarisSPARC
1.4.0.5-SterlingConnectDirectFileAgent-iFix002-LinuxPPC
1.4.0.5-SterlingConnectDirectFileAgent-iFix002-Linux
1.4.0.5-SterlingConnectDirectFileAgent-iFix002-AIX
1.4.0.5-SterlingConnectDirectFileAgent-zOS
1.4.0.5-SterlingConnectDirectFileAgent-Windows
1.4.0.5-SterlingConnectDirectFileAgent-Unix
1.4.0.5-SterlingConnectDirectFileAgent-SolarisSPARC
1.4.0.5-SterlingConnectDirectFileAgent-LinuxPPC
1.4.0.5-SterlingConnectDirectFileAgent-Linux
1.4.0.5-SterlingConnectDirectFileAgent-AIX
1.4.0.4-SterlingConnectDirectFileAgent-Unix
1.4.0.4-SterlingConnectDirectFileAgent-zOS
1.4.0.4-SterlingConnectDirectFileAgent-Windows
1.4.0.4-SterlingConnectDirectFileAgent-SolarisSPARC
1.4.0.4-SterlingConnectDirectFileAgent-LinuxPPC
1.4.0.4-SterlingConnectDirectFileAgent-Linux
1.4.0.4-SterlingConnectDirectFileAgent-AIX
1.4.0.3-SterlingConnectDirectFileAgent-iFix017-zOS
1.4.0.3-SterlingConnectDirectFileAgent-iFix017-Windows
1.4.0.3-SterlingConnectDirectFileAgent-iFix017-Unix
1.4.0.3-SterlingConnectDirectFileAgent-iFix017-Linux
1.4.0.3-SterlingConnectDirectFileAgent-iFix017-SolarisSPARC
1.4.0.3-SterlingConnectDirectFileAgent-iFix017-LinuxPPC
1.4.0.3-SterlingConnectDirectFileAgent-iFix017-AIX
1.4.0.3-SterlingConnectDirectFileAgent-iFix014-Windows
1.4.0.3-SterlingConnectDirectFileAgent-iFix014-SolarisSPARC
1.4.0.3-SterlingConnectDirectFileAgent-iFix014-LinuxPPC
1.4.0.3-SterlingConnectDirectFileAgent-iFix014-Linux
1.4.0.3-SterlingConnectDirectFileAgent-iFix014-AIX
1.4.0.3-SterlingConnectDirectFileAgent-iFix012-Windows
1.4.0.3-SterlingConnectDirectFileAgent-iFix012-LinuxPPC
1.4.0.3-SterlingConnectDirectFileAgent-iFix012-Linux
1.4.0.3-SterlingConnectDirectFileAgent-iFix012-AIX
1.4.0.3-SterlingConnectDirectFileAgent-iFix011-SolarisSPARC
1.4.0.3-SterlingConnectDirectFileAgent-iFix011-AIX
1.4.0.3-SterlingConnectDirectFileAgent-iFix008-Windows
1.4.0.3-SterlingConnectDirectFileAgent-iFix008-SolarisSPARC
1.4.0.3-SterlingConnectDirectFileAgent-iFix007-zOS
1.4.0.3-SterlingConnectDirectFileAgent-iFix007-Windows
1.4.0.3-SterlingConnectDirectFileAgent-iFix007-Unix
1.4.0.3-SterlingConnectDirectFileAgent-iFix007-SolarisSPARC
1.4.0.3-SterlingConnectDirectFileAgent-iFix007-LinuxPPC
1.4.0.3-SterlingConnectDirectFileAgent-iFix007-Linux
1.4.0.3-SterlingConnectDirectFileAgent-iFix007-AIX
1.4.0.3-SterlingConnectDirectFileAgent-iFix004-Windows
1.4.0.3-SterlingConnectDirectFileAgent-iFix004-Unix
1.4.0.3-SterlingConnectDirectFileAgent-iFix004-SolarisSPARC
1.4.0.3-SterlingConnectDirectFileAgent-iFix004-LinuxPPC
1.4.0.3-SterlingConnectDirectFileAgent-iFix004-Linux
1.4.0.3-SterlingConnectDirectFileAgent-iFix004-CDzOS
1.4.0.3-SterlingConnectDirectFileAgent-iFix004-AIX
1.4.0.2-SterlingConnectDirectFileAgent-SolarisINTEL-iFix046
1.4.0.3-SterlingConnectDirectFileAgent-Windows
1.4.0.3-SterlingConnectDirectFileAgent-Unix
1.4.0.3-SterlingConnectDirectFileAgent-SolarisSPARC
1.4.0.3-SterlingConnectDirectFileAgent-LinuxPPC
1.4.0.3-SterlingConnectDirectFileAgent-Linux
1.4.0.3-SterlingConnectDirectFileAgent-HP-UX-Itanium
1.4.0.3-SterlingConnectDirectFileAgent-CDzOS
1.4.0.3-SterlingConnectDirectFileAgent-AIX
1.4.0.2-SterlingConnectDirectFileAgent-Windows-iFix045
1.4.0.2-SterlingConnectDirectFileAgent-Windows-iFix043
1.4.0.2-SterlingConnectDirectFileAgent-Unix-iFix043
1.4.0.2-SterlingConnectDirectFileAgent-SolarisSPARC-iFix043
1.4.0.2-SterlingConnectDirectFileAgent-SolarisINTEL-iFix043
1.4.0.2-SterlingConnectDirectFileAgent-LinuxPPC-iFix043
1.4.0.2-SterlingConnectDirectFileAgent-Linux-iFix043
1.4.0.2-SterlingConnectDirectFileAgent-HP-UX-Itanium-iFix043
1.4.0.2-SterlingConnectDirectFileAgent-CDzOS-iFix043
1.4.0.2-SterlingConnectDirectFileAgent-AIX-iFix043
1.4.0.2-SterlingConnectDirectFileAgent-Unix-iFix037
1.4.0.2-SterlingConnectDirectFileAgent-CDzOS-iFix037
1.4.0.2-SterlingConnectDirectFileAgent-HP-UX-Itanium-iFix036
1.4.0.2-SterlingConnectDirectFileAgent-Windows-iFix035
1.4.0.2-SterlingConnectDirectFileAgent-Unix-iFix035
1.4.0.2-SterlingConnectDirectFileAgent-SolarisSPARC-iFix035
1.4.0.2-SterlingConnectDirectFileAgent-SolarisINTEL-iFix035
1.4.0.2-SterlingConnectDirectFileAgent-LinuxPPC-iFix035
1.4.0.2-SterlingConnectDirectFileAgent-Linux-iFix035
1.4.0.2-SterlingConnectDirectFileAgent-HP-UX-Itanium-iFix035
1.4.0.2-SterlingConnectDirectFileAgent-CDzOS-iFix035
1.4.0.2-SterlingConnectDirectFileAgent-AIX-iFix035
1.4.0.2-SterlingConnectDirectFileAgent-Windows-iFix030
1.4.0.2-SterlingConnectDirectFileAgent-Unix-iFix030
1.4.0.2-SterlingConnectDirectFileAgent-SolarisSPARC-iFix030
1.4.0.2-SterlingConnectDirectFileAgent-SolarisINTEL-iFix030
1.4.0.2-SterlingConnectDirectFileAgent-LinuxPPC-iFix030
1.4.0.2-SterlingConnectDirectFileAgent-Linux-iFix030
1.4.0.2-SterlingConnectDirectFileAgent-HP-UX-Itanium-iFix030
1.4.0.2-SterlingConnectDirectFileAgent-CDzOS-iFix030
1.4.0.2-SterlingConnectDirectFileAgent-AIX-iFix030

APAR status

Closed as program error.

Error description

There is a vulnerability in Apache Commons Configuration used by
IBM Sterling Connect:Direct File Agent (CVE-2022-3398).

Local fix

STRMFT-13492
VT / VT
Circumvention: None

Problem summary

Users Affected:
Sterling Connect:Direct File Agent 1.4.0

Problem Description:
There is a vulnerability in Apache Commons Configuration used by
IBM Sterling Connect:Direct File Agent (CVE-2022-3398).

Platforms Affected:
All supported platforms

Problem conclusion

Resolution Summary:
Updated the Apache Commons Configuration component.

Delivered In:
Sterling Connect:Direct File Agent 1.4.0.2_iFix026

Temporary fix

Comments

APAR Information

APAR number
IT41451
Reported component name
STR CD FILE AGE
Reported component ID
5725C9902
Reported release
140
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-07-15
Closed date
2022-08-05
Last modified date
2022-08-05

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
STR CD FILE AGE
Fixed component ID
5725C9902

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSHPZT","label":"Sterling Connect:Direct File Agent"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.4","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Document Information

Modified date:
16 April 2026

Share your feedback

Need support?