IBM Support

IBM Tivoli Monitoring Portal Server Insecure Ciphers Update (IV74486)



This fix removes insecure ciphers from the IBM Tivoli Monitoring portal server.

Download Description

It addresses the security vulnerability as documented in the Logjam Security Bulletin, the section titled "Portal Server Communication with Portal Clients" when configured to use SSL over IIOP:

The patch below also replaces the manual steps previously documented in the following Security bulletins. If the manual steps were previously done, the steps do not need to be undone. If the steps have not been done, then installing the patch below will address these issues also.

The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Tivoli Monitoring, the section titled "Portal Server Communication with Portal Clients":

The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® Runtime Environment Java™ Technology Edition that is used by IBM Tivoli Monitoring (ITM), section titled "Portal Server":

A new variant of the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack for TLS may affect IBM Tivoli Monitoring (ITM), the section titled "Portal Server Communication with Portal Clients":


The prerequisite level for this fix is as follows:
- IBM Tivoli Monitoring, version 6.3.0 Fix Pack 5 (6.3.0-TIV-ITM-FP0005)
- OR -
- IBM Tivoli Monitoring, version 6.2.3 Fix Pack 5 (6.2.3-TIV-ITM-FP0005)
- OR -
- IBM Tivoli Monitoring, version 6.2.2 Fix Pack 9 (6.2.2-TIV-ITM-FP0009)


Installation Instructions

Refer to the README file located in Fix Central for additional information.

Change History

2015-07-31: Original publish date

[{"DNLabel":"6.3.0-TIV-ITM-FP0005-IV74486","DNDate":"31 Jul 2015","DNLang":"English","DNSize":"10145423","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.2.3-TIV-ITM-FP0005-IV74486","DNDate":"31 Jul 2015","DNLang":"English","DNSize":"13068660","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"","DNURL_FTP":" ","DDURL":null},{"DNLabel":"6.2.2-TIV-ITM-FP0009-IV74486","DNDate":"31 Jul 2015","DNLang":"English","DNSize":"12296102","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"","DNURL_FTP":" ","DDURL":null}]
[{"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Business Unit":{"code":"BU050","label":"BU NOT IDENTIFIED"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"","Edition":"","Line of Business":{"code":"LOB15","label":"Integration"}}]

Document Information

Modified date:
15 June 2018