Security Bulletin: A vulnerabbility exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager CVE-2021-2388, CVE-2021-2369, CVE-2021-2432, CVE-2021-2341.

Security Bulletin

Summary

A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v3.9, v4.1 and v4.2 which was disclosed in the Oracle July 2021 Critical Patch Update.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
ITNM	3.9
ITNM	4.1.1.x
ITNM	4.2

Remediation/Fixes

To update the Java Runtime Environment (JRE), complete the following steps.

1. Locate the appropriate IBM JRE for your operating system on the IBM Fix Central website.

AIX: IBM Java 8.0.6.35 for AIX

Linux: IBMJava 8.0.6.35 for 64-bit Linux

zLinux: IBM Java 8.0.6.16 for Linux for z/OS

2. Download version 8.0.6.16 in archive, not binary, format and install it as per following steps.

3. Back up the directory $NCHOME/precision/jre.

4. Stop all running processes of the Network Manager Core Components and Apache Storm by using the itnm_stop command.

5. Delete the contents of the $NCHOME/precision/jre/bin and $NCHOME/precision/jre/lib directory.

6. Copy the contents of the bin and lib directories from the JRE that you installed in step 2 to $NCHOME/precision/jre/bin and $NCHOME/precision/jre/lib, respectively.

7. Restart the Network Manager Core Components and Apache Storm by using the itnm_start command. To upgrade or rollback the Network Manager Core Components, restore the backup that you made in step 3. Perform the upgrade or rollback, then perform steps 4 to 7 again.2

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Change History

07 Sep 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSSHRK","label":"Tivoli Network Manager IP Edition"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF051","label":"Linux on IBM Z Systems"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"3.9,4.1.1,4.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Was this topic helpful?

Document Information

Modified date:
18 October 2021

Initial Publish date:
07 September 2021

UID

ibm16505247

Tips

Security Bulletin: A vulnerabbility exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager CVE-2021-2388, CVE-2021-2369, CVE-2021-2432, CVE-2021-2341.