IBM Support

IV67031: CICS EXPLORER SECURITY PROBLEM

Readmes are available

IBM CICSEX-5.2.0-FP0002
IBM CICSEX-5.1.1-FP0006
IBM CICSEX-5.2.0-FP0003
IBM CICSEX-5.2.0-FP0004
IBM CICSEX-5.1.0-FP0002
IBM CICSEX-5.2.0-FP0005
IBM CICSEX-5.2.0-FP0006
IBM CICSEX-5.2.0-FP0007
IBM CICSEX-5.2.0-FP0008
IBM CICSEX-5.2.0-FP0009

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • CICS Explorer Security Problem

Local fix

  • 



Problem summary


    

  • CICS Explorer allows users to make connections to servers,
encrypted using the SSLv3 protocol. SSLv3 suffers from the
POODLE vulnerability (see
http://www.ibm.com/support/docview.wss?uid=swg21687988 for more
details).

    



Problem conclusion


    

  • Updating all servers to disable SSLv3 is the preferred approach
to avoiding this vulnerability. Additionally, the CICS Explorer
client has been updated to package a new Java Runtime
Environment (JRE) that does not allow SSLv3 connections.
Note that if you are using the CICS Explorer product you must
install a fresh copy, rather than using the update mechanism
within CICS Explorer, to receive the new JRE. If you are using
the CICS Explorer SDK installed into a version of Eclipse, you
must make your own arrangements to update your JRE.
If you try and make a connection to a server that requires SSLv3
after installing this update, you will receive the error
message:
IZE0106E Connect failed with error
"java.security.NoSuchAlgorithmException: SSLv3 SSLContext not
available".
This fix will be made available in Version 5.1.0.2, 5.1.1.6, and
5.2.0.2 of
the CICS Explorer.
For installation instructions please see:
Ordering maintenance for the IBM CICS Explorer
http://www.ibm.com/support/docview.wss?uid=swg21380083

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV67031
    • 

  • Reported component name
    CICS EXPLORER V
    • 

  • Reported component ID
    5655Y0401
    • 

  • Reported release
    510
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2014-11-18
    • 

  • Closed date
    2014-12-11
    • 

  • Last modified date
    2014-12-11
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
IV67030
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    CICS EXPLORER V
    • 

  • Fixed component ID
    5655Y0401
    • 



Applicable component levels


    

  • R510  PSY
       UP
    • 

  • R511  PSY
       UP
    • 

  • R520  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSC8GK3","label":"Explorer"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            11 December 2014
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback