IBM Support

IV31975: SYSROUTE OF IV31975:GSKIT TRUST ANCHOR VULNERABILITY IN TIVOLI ACCESS MANAGER FOR E-BUSINESS (CVE-2012-2203)

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • A vulnerability has been identified in the GSKIT component
    utilitized by Tivoli Access Manager for e-business (TAM) such
    that trust anchors can be inserted without detection.
    Remediation of the issue consists of upgrading affected GSKIT 7
    versions to version 7.0.4.42 or higher.
    

Local fix

Problem summary

  • A vulnerability has been identified in the GSKI
    T component utilized by Tivoli Access Manager for e-business (TA
    M) such that trust anchors can be inserted without detection.  R
    emediation for this issue consists of upgrading GSKIT 7 versions
    to version 7.0.4.42 or higher.
    

Problem conclusion

  • The fix for this APAR is expected to be cont
    ained in the following maintenance delivery vehicle:
    | fix pack | 6.0.0-ISS-TAM-FP0030
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV31975

  • Reported component name

    ACCESS MGR E-BU

  • Reported component ID

    5724C0800

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-11-14

  • Closed date

    2012-11-15

  • Last modified date

    2012-11-15

  • APAR is sysrouted FROM one or more of the following:

    IV31970

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    ACCESS MGR E-BU

  • Fixed component ID

    5724C0800

Applicable component levels

  • R600 PSN

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPREK","label":"Tivoli Access Manager for e-business"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"600","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
15 November 2012