Fixes are available
APAR status
Closed as program error.
Error description
Vulnerability in the usage of the DiskFileItem class of Apache Commons FileUpload (CVE-2016-1000031)
Local fix
Problem summary
USERS AFFECTED: Users of Information Server components in various release streams

PROBLEM DESCRIPTION: Apache Commons FileUpload, as used in IBM InfoSphere Information Server, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.

RECOMMENDATION: Refer to Security bulletin www.ibm.com/support/docview.wss?uid=swg22010019 for actions to perform.
Problem conclusion
Upgrade Apache Commons FileUpload
Temporary fix
Comments
APAR Information
APAR number
JR58580
Reported component name
INFO SRVR PLATF
Reported component ID
5724Q3612
Reported release
910
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-10-26
Closed date
2017-11-30
Last modified date
2017-11-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
INFO SRVR PLATF
Fixed component ID
5724Q3612
Applicable component levels
RB31 PSY
UP
RB50 PSY
UP
RB70 PSY
UP
Document Information
Modified date:
17 October 2021