Direct links to fixes
APAR status
Closed as program error.
Error description
CVEID: CVE-2022-46364
DESCRIPTION: Apache CXF is vulnerable to server-side request forgery (SSRF), caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack.
Local fix
Problem summary
USERS AFFECTED: IBM Spectrum Control 5.4.0 - 5.4.10 users
PROBLEM DESCRIPTION: SECURITY APAR FOR: CVE-2022-46364
See security bulletin for details of the vulnerabilities: https://www.ibm.com/support/pages/node/7003755
RECOMMENDATION: Apply fix maintenance.
Problem conclusion
The fix for this APAR is contained in the following release: IBM Spectrum Control 5.4.10.1 [ 5.4.10.1-IBM-SC ] https://www.ibm.com/support/pages/node/359939
Temporary fix
Comments
APAR Information
APAR number
IT43939
Reported component name
TPC
Reported component ID
5608TPC00
Reported release
549
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-06-12
Closed date
2023-06-23
Last modified date
2023-06-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TPC
Fixed component ID
5608TPC00
Applicable component levels
Document Information
Modified date:
02 January 2025