IBM Support

IBM Tivoli Monitoring Portal Server Insecure Ciphers Update (IV74486)

Download


Abstract

This fix removes insecure ciphers from the IBM Tivoli Monitoring portal server.

Download Description

It addresses the security vulnerability as documented in the Logjam Security Bulletin, the section titled "Portal Server Communication with Portal Clients" when configured to use SSL over IIOP:http://www.ibm.com/support/docview.wss?uid=swg21962739


The patch below also replaces the manual steps previously documented in the following Security bulletins. If the manual steps were previously done, the steps do not need to be undone. If the steps have not been done, then installing the patch below will address these issues also.

The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Tivoli Monitoring, the section titled "Portal Server Communication with Portal Clients": http://www-01.ibm.com/support/docview.wss?uid=swg21883223

The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® Runtime Environment Java™ Technology Edition that is used by IBM Tivoli Monitoring (ITM), section titled "Portal Server": http://www-01.ibm.com/support/docview.wss?uid=swg21701519

A new variant of the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack for TLS may affect IBM Tivoli Monitoring (ITM), the section titled "Portal Server Communication with Portal Clients": http://www-01.ibm.com/support/docview.wss?uid=swg21694339

Prerequisites

The prerequisite level for this fix is as follows:
- IBM Tivoli Monitoring, version 6.3.0 Fix Pack 5 (6.3.0-TIV-ITM-FP0005)
- OR -
- IBM Tivoli Monitoring, version 6.2.3 Fix Pack 5 (6.2.3-TIV-ITM-FP0005)
- OR -
- IBM Tivoli Monitoring, version 6.2.2 Fix Pack 9 (6.2.2-TIV-ITM-FP0009)

[{"PRLabel":"6.3.0-TIV-ITM-FP0005","PRLang":"English","PRSize":"1","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+Tivoli+Monitoring&platform=All&release=6.3.0&function=fixId&fixids=6.3.0-TIV-ITM-FP0005"},{"PRLabel":"6.2.3-TIV-ITM-FP0005","PRLang":"English","PRSize":"1","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+Tivoli+Monitoring&platform=All&release=6.2.3&function=fixId&fixids=6.2.3-TIV-ITM-FP0005"},{"PRLabel":"6.2.2-TIV-ITM-FP0009","PRLang":"English","PRSize":"1","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+Tivoli+Monitoring&platform=All&release=6.2.2&function=fixId&fixids=6.2.2-TIV-ITM-FP0009"}]

Installation Instructions

Refer to the README file located in Fix Central for additional information.

Change History

2015-07-31: Original publish date

On
[{"DNLabel":"6.3.0-TIV-ITM-FP0005-IV74486","DNDate":"31 Jul 2015","DNLang":"English","DNSize":"10145423","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+Tivoli+Monitoring&platform=All&release=6.3.0.5&function=fixId&fixids=6.3.0-TIV-ITM-FP0005-IV74486","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.2.3-TIV-ITM-FP0005-IV74486","DNDate":"31 Jul 2015","DNLang":"English","DNSize":"13068660","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+Tivoli+Monitoring&platform=All&release=6.2.3.5&function=fixId&fixids=6.2.3-TIV-ITM-FP0005-IV74486","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.2.2-TIV-ITM-FP0009-IV74486","DNDate":"31 Jul 2015","DNLang":"English","DNSize":"12296102","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+Tivoli+Monitoring&platform=All&release=6.2.2.9&function=fixId&fixids=6.2.2-TIV-ITM-FP0009-IV74486","DNURL_FTP":" ","DDURL":null}]
[{"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Business Unit":{"code":"BU050","label":"BU NOT IDENTIFIED"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"6.3.0.2","Edition":"","Line of Business":{"code":"LOB15","label":"Integration"}}]

Document Information

Modified date:
15 June 2018

UID

swg24040448