A fix is available
APAR status
Closed as program error.
Error description
*VULNERABILITY SUMMARY* There are multiple vulnerabilities in JAVA that is used by Tivoli Storage FlashCopy Manager for VMware. *VULNERABILITY DETAILS* CVEID: CVE-2015-4872 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact. CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * Tivoli Storage FlashCopy Manager for VMware 3.1, 3.2, and * * 4.1. * **************************************************************** * PROBLEM DESCRIPTION: * * Refer to the following security bulletins: * * http://www.ibm.com/support/docview.wss?uid=swg21979496 * * http://www.ibm.com/support/docview.wss?uid=swg21978694 * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This defect is currently * * projected to be fixed with IBM Tivoli Storage FlashCopy * * Manager for VMware v3.1.1.4, v3.2.0.7, and v4.1.4.1. Note * * that until the fixing level is available, this information * * is subject to change at the discretion of IBM. * ****************************************************************
Problem conclusion
The problem described in this APAR has been fixed so that it no longer occurs.
Temporary fix
Comments
APAR Information
APAR number
IT14160
Reported component name
FLSHCPYMGR VMWA
Reported component ID
5608AC6VM
Reported release
31L
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-03-07
Closed date
2016-03-07
Last modified date
2016-04-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
JAVA
Fix information
Fixed component name
FLSHCPYMGR VMWA
Fixed component ID
5608AC6VM
Applicable component levels
R31L PSY
UP
R32L PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SS36V9","label":"Tivoli Storage FlashCopy Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
08 January 2022