Direct links to fixes
APAR status
Closed as program error.
Error description
[ALL] google-gson - 217225 (Publicly disclosed vulnerability)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Control 5.4.x and IBM Storage Insights users * **************************************************************** * PROBLEM DESCRIPTION: * * CVEID: 217225 * * gson is vulnerable to a denial of service, caused by * * the deserialization of untrusted data. By using the * * writeReplace() method, a remote attacker could * * exploit this vulnerability to cause a denial of service. * * * * See security bulletin for details of the vulnerabilities: * * https://www.ibm.com/support/pages/node/6561029 * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
The fix for this APAR is contained in the following releases: IBM Spectrum Control 5.4.6 [ 5.4.6-IBM-SC ] https://www.ibm.com/support/pages/node/359939 IBM Storage Insights 1Q22 [ 54X-IBM-SI ] ( 1Q 2022 / March )
Temporary fix
Comments
APAR Information
APAR number
IT39899
Reported component name
TPC
Reported component ID
5608TPC00
Reported release
545
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-02-07
Closed date
2022-03-22
Last modified date
2022-03-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TPC
Fixed component ID
5608TPC00
Applicable component levels
[{"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSNE44","label":"Tivoli Storage Productivity Center"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"545"}]
Document Information
Modified date:
25 June 2022