IBM Support

JR56833: MULTIPLE VULNERABILITIES IN IBM SDK FOR NODE.JS MIGHT AFFECT THEIBM BPM CONFIGURATION EDITOR

Direct links to fixes

8.5.6.2-WS-BPM-IFJR56833
bpm.8570.cf2016.12.delta.repository
Downloading IBM Business Process Manager V8.5.7 Cumulative Fix 2016.12

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The IBM SDK for Node.js September 2016 Security Release fixes
several vulnerabilities: CVE-2016-2178, CVE-2016-2183,
CVE-2016-5325, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306, and
CVE-2016-7099. For more information, see "Security Bulletin:
Multiple vulnerabilities may affect IBM® SDK for Node.js?" at
https://www-01.ibm.com/support/docview.wss?uid=swg21985392)

The IBM BPM Configuration editor is based on IBM SDK for Node.js
and picks up the latest security fixes with this interim fix.

Local fix

  • N/A

Problem summary

  • No additional information is available.

Problem conclusion

  • A fix is available for IBM BPM V8.5.5.0, V8.5.6.0, and V8.5.7.0
that upgrades IBM SDK for Node.js in the IBM BPM Configuration
editor to a version containing the latest security fixes.

For IBM BPM V8.5.5.0 and V8.5.6.0, search for JR56833 on Fix
Central (http://www.ibm.com/support/fixcentral):

1. Select IBM Business Process Manager with your edition from
the product selector, the installed version to the fix pack
level, and your platform, and then click Continue.
2. Select APAR or SPR, enter JR56833, and click Continue.

For IBM BPM V8.5.6.0, this fix is built on IBM BPM 8.5.6.0
cumulative fix 2. If you do not already have IBM BPM V8.5.6
cumulative fix 2 installed, download and install it from
http://www.ibm.com/support/docview.wss?uid=swg24041303.

For IBM BPM V8.5.7.0, the fix will be included in IBM BPM V8.5.7
cumulative fix 2016.12. To determine whether the later
cumulative fix is available and download it if it is, complete
the following steps on Fix Central:

1. Select IBM Business Process Manager with your edition from
the product selector, the installed version to the fix pack
level, and your platform, and then click Continue.
2. Select Text, enter 'cumulative fix' and click Continue.

When you download fix packages, ensure that you also download
the readme file for each fix. Review each readme file for
additional installation instructions and information about the
fix.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR56833
    • 

  • Reported component name
    BPM ADVANCED
    • 

  • Reported component ID
    5725C9400
    • 

  • Reported release
    857
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2016-10-18
    • 

  • Closed date
    2016-12-27
    • 

  • Last modified date
    2016-12-27
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    BPM ADVANCED
    • 

  • Fixed component ID
    5725C9400
    • 



Applicable component levels


    

  • R857  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"857","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            14 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback