IBM Support

IT39895: SECURITY APAR FOR CVE-2021-35578

APAR status

  • Closed as program error.

Error description

  • Advisory ADV0038361 - IBM SDK, Java Technology Edition Quarterly
    CPU - Oct 2021 - Includes Oracle October 2021 CPU
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * IBM Spectrum Control 5.4.x and IBM Storage Insights users    *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * CVE-2021-35578                                               *
    * Vulnerability in the Java SE, Oracle GraalVM Enterprise      *
    * Edition product of Oracle Java SE (component: JSSE).         *
    * Supported versions that are affected are Java SE: 8u301,     *
    * 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and   *
    * 21.2.0. Easily exploitable vulnerability allows              *
    * unauthenticated attacker with network access via TLS to      *
    * compromise Java SE, Oracle GraalVM Enterprise Edition.       *
    * Successful attacks of this vulnerability can result in       *
    * unauthorized ability to cause a partial denial of service    *
    * (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. *
    * Note: This vulnerability can only be exploited by supplying  *
    * data to APIs in the specified Component without using        *
    * Untrusted Java Web Start applications or Untrusted Java      *
    * applets, such as through a web service.                      *
    *                                                              *
    * See security bulletin for details of the vulnerabilities:    *
    * https://www.ibm.com/support/pages/node/6561029               *
    *                                                              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    

Problem conclusion

  • The fix for this APAR is contained in the following releases:
    
    IBM Spectrum Control 5.4.6   [ 5.4.6-IBM-SC ]
    https://www.ibm.com/support/pages/node/359939
    
    IBM Storage Insights 1Q22   [ 54X-IBM-SI ]
    
    ( release target 1Q 2022 / March )
    
    The target dates for future releases do not represent a formal
    commitment by IBM. The dates are subject to change without
    notice.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT39895

  • Reported component name

    TPC

  • Reported component ID

    5608TPC00

  • Reported release

    545

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2022-02-07

  • Closed date

    2022-03-22

  • Last modified date

    2022-03-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TPC

  • Fixed component ID

    5608TPC00

Applicable component levels

  • Business unit

    Software (BU029)

  • Product

    Tivoli Storage Productivity Center (SSNE44)

  • Platform

    Platform Independent (PF025)

  • Version

    545

Document Information

Modified date:
25 June 2022