Download
Abstract
This document lists the fixes contained in IBM Cloud Pak® System Version 2.3.3.7.
Download Description
To download Version 2.3.3.7, go to the IBM Cloud Pak System product page on IBM Fix Central.
Security vulnerabilities
IBM Cloud Pak System Version 2.3.3.7 includes fixes for these security vulnerabilities:
|
Relevant vulnerabilities |
Summary |
Security bulletin |
|---|---|---|
| CVE-2021-44228 | A vulnerability in Apache Log4j affects IBM Cloud Pak System. | |
| CVE-2021-45046 | ||
| CVE-2021-4104 | ||
| CVE-2023-21830, CVE-2023-21843 | Multiple Vulnerabilities in IBM Java SDK affect Cloud Pak System. | 7005573 |
| CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619, CVE-2022-3676, CVE-2022-21426, CVE-2020-14781, CVE-2020-14803, CVE-2020-27221, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14556, CVE-2020-14581, CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2019-17639 | Multiple vulnerabilities in IBM Java SDK affect IBM OS image for AIX Systems. | 7006015 |
| CVE-2021-35561 | Vulnerability in IBM SDK Java Technology affects IBM Cloud Pak System. | 7009441 |
| CVE-2023-24538, CVE-2023-24538 | Vulnerabilities in Golang Go might affect IBM Cloud Pak System. | |
| CVE-2021-23840, CVE-2021-23841 | Vulnerabilities in OpenSSL affect IBM Cloud Pak System. | 7005857 |
For more information about IBM Product Security articles, see these links:
- https://www.ibm.com/support/pages/bulletin/
- https://www.ibm.com/support/pages/ibm-security-vulnerability-management
- https://www.ibm.com/support/pages/bulletin/search/?q=IBM%20Cloud%20Pak%20System%20Software (All security bulletins for IBM Cloud Pak System Software)
IBM Cloud Pak System APARs
The following table contains the Authorized Program Analysis Reports (APARs) and other fixes that are included in this release. If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version. The upgrade recommendation is to move directly to 2.3.3.7.
| APAR | APAR Description |
|---|---|
| IT21356 | Unable to edit or modify the environment profile. |
| IT26845 | "Internal Server Error" occurs in Administering reports. |
| IT27276 | MustGather logs script package failure in the virtual machine CAQA2018. |
| IT28556 | Pattern deployment with add-ons disk fails. |
| IT28736 | Error ID = 74002: Node warm-started due to an internal error on the V7K firmware V7.8.1.1. |
| IT29106 | CMT current clients looping. RETAIN pages fill up. |
| IT29516 | Rest API needs to return more than 500 results by default. |
| IT32241 | IP Groups can be deleted even if a user has only read-only permissions. |
| IT32489 | Send notification gets disabled incorrectly. |
| IT32562 | Errors while updating network configuration. |
| IT32658 | A subdomain is unavailable: CWZIP5540W Shared file system disks are not available on nodes. |
| IT32932 | The Db2 upgrade fix pack failed on the HADR pair. |
| IT32944 | The Chargeback report returns incorrect information. |
| IT33077 | GPFS Cluster update to 1.2.13.0 failed. |
| IT33647 | The unexpected level of TEMS agents in the FoundationZ pattern. |
| IT33718 | Critical errors for the fan in IMM - RU13 |
| IT33739 | A checkOSAgent.sh error is encountered. |
| IT33979 | The ipsec uninstallation causes the instance update to fail. |
| IT35040 | Db2 part middleware role stuck in STARTING state for DSM pattern after Virtual System instance restart. |
| IT35824 | User login changed including privileges by opening a new session without logging out at the user interface |
| IT35852 |
CWZIP9513W: The backup operation for System Backup failed. The cause of the failure is CW.......
|
| IT35876 | Script package in error. |
| IT36291 |
User screen shows the wrong (double) menu items in the IBM Cloud Pak® System user interface.
|
| IT36576 | Delete a snapshot also removes the VSI while not providing the snapshot ID in the URL. |
| IT36623 | Disk add-ons are not run on VMs with IBM Cloud Pak® System. |
| IT36631 | The chargeback report returns incorrect information. |
| IT36789 | Unable to deploy patterns. |
| IT36830 | Execute on script package, or the extend or capture function does not work in IBM Cloud Pak® System Software. |
| IT36841 | Administrative credentials in clear text are found in the log file. |
| IT37389 | Unable to view directory contents in CPS file viewer because of browser language settings. |
| IT37452 | The CLI function not working as expected. |
| IT38094 | Remove a range of IP addresses in an IP Group that is not logged on the Audit log and not displayed as a Security Event. |
| IT38607 | HTTP Strict Transport Security (HSTS) Policy Not Enabled. |
| IT39441 | A nonadministrative user cannot grant another user rights to its own instances after IBM Cloud Pak System 2.3.3.3 upgrade. |
| Unexpected CLI login exception after incorrect credentials are provided. | |
| CLI - Issue when you add user groups with spaces in the group name. | |
| IT40630 | The "Getting started" page has out-of-date information and links. |
| IT40642 | Different behavior in creating WebSphere node certificates on multiple systems of IBM Cloud Pak System. |
Problems (APARS) fixed
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
04 July 2023
UID
ibm16982513