IBM Support

IT43964: IBM SPECTRUM CONTROL SECURITY APAR FOR CVE-2023-26464

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • CVEID: CVE-2023-26464
    Description: Apache Log4j is vulnerable to a denial of service,
    caused by a flaw when using the Chainsaw or SocketAppender
    components. By sending a specially crafted hashmap or hashtable,
    a remote attacker could exploit this vulnerability to exhaust
    available memory in the virtual machine, and results in a denial
    of service condition.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * IBM Spectrum Control 5.4.0 - 5.4.10 users                    *
    *                                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * SECURITY APAR FOR:                                           *
    * CVE-2023-26464                                               *
    *                                                              *
    * See security bulletin for details of the vulnerabilities:    *
    * https://www.ibm.com/support/pages/node/7004955               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply fix maintenance.                                       *
    *                                                              *
    ****************************************************************
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IT43964

  • Reported component name

    TPC

  • Reported component ID

    5608TPC00

  • Reported release

    549

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2023-06-13

  • Closed date

    2023-06-23

  • Last modified date

    2023-06-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TPC

  • Fixed component ID

    5608TPC00

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSWFB4","label":"IBM Spectrum Control Standard Edition"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"549","Line of Business":{"code":"LOB69","label":"Storage TPS"}}]

Document Information

Modified date:
02 January 2025