Direct links to fixes
APAR status
Closed as program error.
Error description
CVEID: CVE-2023-26464 Description: Apache Log4j is vulnerable to a denial of service, caused by a flaw when using the Chainsaw or SocketAppender components. By sending a specially crafted hashmap or hashtable, a remote attacker could exploit this vulnerability to exhaust available memory in the virtual machine, and results in a denial of service condition.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Control 5.4.0 - 5.4.10 users * * * **************************************************************** * PROBLEM DESCRIPTION: * * SECURITY APAR FOR: * * CVE-2023-26464 * * * * See security bulletin for details of the vulnerabilities: * * https://www.ibm.com/support/pages/node/7004955 * **************************************************************** * RECOMMENDATION: * * Apply fix maintenance. * * * ****************************************************************
Problem conclusion
The fix for this APAR is contained in the following release: IBM Spectrum Control 5.4.10.1 [ 5.4.10.1-IBM-SC ] https://www.ibm.com/support/pages/node/359939
Temporary fix
Comments
APAR Information
APAR number
IT43964
Reported component name
TPC
Reported component ID
5608TPC00
Reported release
549
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-06-13
Closed date
2023-06-23
Last modified date
2023-06-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TPC
Fixed component ID
5608TPC00
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSWFB4","label":"IBM Spectrum Control Standard Edition"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"549","Line of Business":{"code":"LOB69","label":"Storage TPS"}}]
Document Information
Modified date:
02 January 2025