Direct links to fixes
APAR status
Closed as program error.
Error description
The OpenSSL Project disclosed OpenSSL vulnerabilities, including the ᄁ¬ツᆲ モFREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability, on January 8, 2015. The IBM SDK for Node.js, which the IBM Business Process Manager (BPM) Configuration editor uses, uses OpenSSL. The applicable CVEs have been addressed in the IBM BPM Configuration editor.
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: IBM BPM Advanced * * IBM BPM Standard * * IBM BPM Express * **************************************************************** * PROBLEM DESCRIPTION: The OpenSSL Project disclosed OpenSSL * * vulnerabilities, including the * * ¢â‚¬ “FREAK: Factoring Attack on * RSA-EXPORT keys" TLS/SSL client and * * server vulnerability, on January 8, * * 2015. The IBM SDK for Node.js, which * * the IBM Business Process Manager * * (BPM) Configuration editor uses, uses * * OpenSSL. The applicable CVEs have * * been addressed in the IBM BPM * * Configuration editor. * **************************************************************** * RECOMMENDATION: * **************************************************************** No additional information available.
Problem conclusion
A fix for IBM BPM V8.5.5.0 and 8.5.6.0 is available that updates the Configuration editor to use an updated version of IBM SDK for Node.js. On Fix Central (http://www.ibm.com/support/fixcentral), search for JR52893: 1. Select IBM Business Process Manager with your edition from the product selector, the installed version to the fix pack level, and your platform, and then click Continue. 2. Select APAR or SPR, enter JR52893, and click Continue. When you download fix packages, ensure that you also download the readme file for each fix. Review each readme file for additional installation instructions and information about the fix.
Temporary fix
Comments
APAR Information
APAR number
JR52893
Reported component name
BPM ADVANCED
Reported component ID
5725C9400
Reported release
855
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-03-22
Closed date
2015-04-20
Last modified date
2015-04-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM ADVANCED
Fixed component ID
5725C9400
Applicable component levels
R800 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
30 April 2015