A fix is available
APAR status
Closed as program error.
Error description
[USE THIS] OpenSSL - CVE-2021-3712 (Publicly disclosed vulnerability)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Control 5.4.x and IBM Storage Insights users * **************************************************************** * PROBLEM DESCRIPTION: * * CVE-2021-3712 * * OpenSSL could allow a remote attacker to obtain * * sensitive information, caused by an out-of-bounds * * read when processing ASN.1 strings. By sending * * specially crafted data, an attacker could exploit this * * vulnerability to read contents of memory on the * * system or perform a denial of service attack. * * * * See security bulletin for details of the vulnerability: * * https://www.ibm.com/support/pages/node/6524930 * **************************************************************** * RECOMMENDATION: * * Spectrum Control users, apply fix maintenance * * when available. * ****************************************************************
Problem conclusion
The fix for this APAR is contained in the following releases: IBM Storage Insights 4Q21 [ 54X-IBM-SI ] IBM Spectrum Control 5.4.5 [ 5.4.5-IBM-SC ] https://www.ibm.com/support/pages/node/359939
Temporary fix
Comments
APAR Information
APAR number
IT38865
Reported component name
TPC
Reported component ID
5608TPC00
Reported release
544
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-10-28
Closed date
2021-12-16
Last modified date
2022-03-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TPC
Fixed component ID
5608TPC00
Applicable component levels
[{"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSNE44","label":"Tivoli Storage Productivity Center"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"544"}]
Document Information
Modified date:
25 June 2022