Direct links to fixes
APAR status
Closed as program error.
Error description
CICS Explorer Security Problem
Local fix
Problem summary
CICS Explorer allows users to make connections to servers, encrypted using the SSLv3 protocol. SSLv3 suffers from the POODLE vulnerability (see http://www.ibm.com/support/docview.wss?uid=swg21687988 for more details).
Problem conclusion
Updating all servers to disable SSLv3 is the preferred approach to avoiding this vulnerability. Additionally, the CICS Explorer client has been updated to package a new Java Runtime Environment (JRE) that does not allow SSLv3 connections. Note that if you are using the CICS Explorer product you must install a fresh copy, rather than using the update mechanism within CICS Explorer, to receive the new JRE. If you are using the CICS Explorer SDK installed into a version of Eclipse, you must make your own arrangements to update your JRE. If you try and make a connection to a server that requires SSLv3 after installing this update, you will receive the error message: IZE0106E Connect failed with error "java.security.NoSuchAlgorithmException: SSLv3 SSLContext not available". This fix will be made available in Versions 1.1.1.5, 1.1.0.4, 1.0.1.4 and 1.0.0.9 of the CICS Explorer. For installation instructions please see: Ordering maintenance for the IBM CICS Explorer http://www.ibm.com/support/docview.wss?uid=swg21380083
Temporary fix
Comments
APAR Information
APAR number
IV67030
Reported component name
CICS EXPLORER V
Reported component ID
5655S9701
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-11-18
Closed date
2014-12-09
Last modified date
2014-12-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
EXPLORER
Fix information
Fixed component name
CICS EXPLORER V
Fixed component ID
5655S9701
Applicable component levels
R111 PSY
UP
R110 PSY
UP
R101 PSY
UP
R100 PSY
UP
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSC8GK3","label":"Explorer"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
09 December 2014