Download
Abstract
This document lists the fixes contained in IBM Cloud Pak® System Version 2.3.4.
Download Description
To download Version 2.3.4, go to the IBM Cloud Pak System product page on IBM Fix Central.
Security vulnerabilities
IBM Cloud Pak System Version 2.3.4 includes fixes for these security vulnerabilities:
Relevant vulnerabilities | Summary | Security Bulletin URL |
---|---|---|
CVE-2022-1292 | OpenSSL (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
CVE-2022-26377 | Apache HTTP Server - CVE-2022-26377 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
CVE-2022-28615 | Apache HTTP Server - CVE-2022-28615 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
CVE-2022-31813 | Apache HTTP Server - CVE-2022-31813 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
CVE-2022-30522 | Apache HTTP Server - CVE-2022-30522 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
CVE-2022-28614 | Apache HTTP Server - CVE-2022-28614 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
CVE-2012-5784, CVE-2014-3596 | axis-1.4.jar (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7142012 |
CVE-2022-32746 | Samba - CVE-2022-32746 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
CVE-2022-1615 | Samba - CVE-2022-1615 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
CVE-2022-43680 | Expat - CVE-2022-43680 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
CVE-2022-37866 | ivy-2.2.0.jar (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7105142 |
CVE-2022-36760 | Apache HTTP Server - CVE-2022-36760 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
CVE-2022-37436 | Apache HTTP Server - CVE-2022-37436 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
CVE-2022-4304, CVE-2023-0215, CVE-2023-0286 | OpenSSL (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
CVE-2022-43929, CVE-2022-43927, CVE-2014-3577 | Db2 is affected by multiple vulnerabilities (February 8, 2023). | https://www.ibm.com/support/pages/node/7105374 |
CVE-2023-24998 | commons-fileupload-1.4.jar (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7105176 |
CVE-2023-25690 | Apache HTTP Server - CVE-2023-25690 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7135903 |
CVE-2023-25492, CVE-2023-25495, CVE-2023-0683 | Lenovo System x (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7135906 |
CVE-2023-21830, CVE-2023-21843 | IBM SDK, Java Technology Edition Quarterly CPU - Jan 2023 - Includes Oracle January 2023 CPU | https://www.ibm.com/support/pages/node/7005573 |
CVE-2022-21426 | IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU | https://www.ibm.com/support/pages/node/7101430 |
CVE-2023-0482 | IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy | https://www.ibm.com/support/pages/node/7101435 |
CVE-2022-31836 | Beego vulnerability | https://www.ibm.com/support/pages/node/7101431 |
CVE-2022-39161 | IBM WebSphere Application Server Liberty is vulnerable to spoofing when using Web Server Plug-ins | https://www.ibm.com/support/pages/node/7105365 |
256137 | Jackson - 256137 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7105096 |
CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 | IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU plus CVE-2023-2597 | https://www.ibm.com/support/pages/node/7105298 |
CVE-2023-28155 | request-2.88.2.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7105187 |
CVE-2022-38900 | decode-uri-component-0.2.0.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101428 |
CVE-2022-25881 | http-cache-semantics-4.1.0.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101437 |
CVE-2022-31129 | moment-2.29.2.tgz (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7105324 |
CVE-2022-31259, CVE-2008-7220 | Vulnerable Software In Use | https://www.ibm.com/support/pages/node/7140415 |
CVE-2022-25883 | semver-5.7.1.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101438 |
CVE-2023-26115 | word-wrap-1.2.3.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101427 |
CVE-2023-38013 | Private IP Address Disclosed in HTTP responses | https://www.ibm.com/support/pages/node/7159533 |
CVE-2023-38271 | Sensitive Information Disclosed In CPS Logs | https://www.ibm.com/support/pages/node/7159533 |
CVE-2020-11023 | Vulnerable Software detected - jQuery | https://www.ibm.com/support/pages/node/7140415 |
CVE-2023-38714 | Source code disclosure | https://www.ibm.com/support/pages/node/7159533 |
CVE-2023-38713 | Software Version Numbers Revealed | https://www.ibm.com/support/pages/node/7159533 |
CVE-2020-11022 | Vulnerable software detected | https://www.ibm.com/support/pages/node/7140415 |
CVE-2023-26136 | tough-cookie-2.5.0.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7144338 |
CVE-2018-6561 | dojo-dojo-release-1.12.1 (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101434 |
CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445, CVE-2023-30449, CVE-2023-23487, CVE-2023-30431, CVE-2023-27869, CVE-2023-27867, CVE-2023-27868 | Db2 is affected by multiple vulnerabilities (July 7, 2023) | https://www.ibm.com/support/pages/node/7105329 |
CVE-2023-34967 | Samba - CVE-2023-34967 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
CVE-2023-34968 | Samba - CVE-2023-34968 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
CVE-2023-29409 | Golang go - CVE-2023-29409 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7105284 |
CVE-2023-3894 | Jackson - CVE-2023-3894 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7105096 |
CVE-2022-46751 | ivy-2.1.0-rc1.jar (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7105142 |
CVE-2022-37865 | ivy-2.1.0-rc1.jar (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7105142 |
CVE-2023-4759 | org.eclipse.jgit-4.0.3.201509231615-r.jar (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101429 |
CVE-2023-4607 | Lenovo System x (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7135906 |
CVE-2023-4806 | GNU glibc - CVE-2023-4806 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
CVE-2023-39318 | Golang go - CVE-2023-39318 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7101432 |
CVE-2023-39319 | Golang go - CVE-2023-39319 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7101432 |
CVE-2023-4911 | GNU glibc - CVE-2023-4911 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
CVE-2023-39323 | Golang go - CVE-2023-39323 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7105141 |
CVE-2023-39325 | Golang go - CVE-2023-39325 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7105284 |
CVE-2021-3749, CVE-2020-28168 | axios-0.19.2.tgz (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7101436 |
CVE-2022-24785 | moment-2.24.0.tgz (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7105281 |
CVE-2022-25758 | scss-tokenizer-0.3.0.tgz (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7159240 |
CVE-2022-25858 | terser-5.14.0.tgz (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7101433 |
CVE-2023-45284 | Golang go - CVE-2023-45284 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7159724 |
CVE-2023-45283 | Golang go - CVE-2023-45283 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7159724 |
CVE-2023-44483 | WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario | https://www.ibm.com/support/pages/node/7148473 |
CVE-2023-22081, CVE-2023-22067, CVE-2023-5676 | IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus CVE-2023-5676 | https://www.ibm.com/support/pages/node/7148476 |
CVE-2023-39326 | Golang go - CVE-2023-39326 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7140415 |
CVE-2023-45285 | Golang go - CVE-2023-45285 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7140415 |
CVE-2023-26159 | follow-redirects-1.15.2.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7140415 |
CVE-2024-28849 | follow-redirects-1.15.2.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7140415 |
CVE-2023-22045, CVE-2023-22049 | Java Unspecified vulnerability | https://www.ibm.com/support/pages/node/7161913 |
For more information about IBM Product Security articles, see these links:
- https://www.ibm.com/support/pages/bulletin/
- https://www.ibm.com/support/pages/ibm-security-vulnerability-management
IBM Cloud Pak System problem fixes
The following table contains the problem fixes that are included in this release.
Optional: If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version. The upgrade recommendation is to move directly to 2.3.4.
Document | Description |
---|---|
IT41971 | CWZIP6239E The amount of free space on file system /var/log is critical. |
IT42554 | Workload Mobility regression discovered in IBM Cloud Pak System Software 2.3.3.3 Interim fix 1. |
IT43064 | Unable to connect access to the IBM Cloud Pak System user interface. |
DT392181 | Db2 instance does not start correctly after a non-graceful reboot on IBM Cloud Pak System. |
DT393380 | CLI client "Pure.cli" fails with newer Java levels. |
IT44430 | Retrieving the kubeadmin password fails. |
DT393378 | On IBM Cloud Pak System W4600, the Infrastructure map shows the Input power total as zero. |
Backup failed after a Virtual Appliance was deployed. | |
The pattern IVA Db2 11.5 HADR v0.98 needs write access for workloads instead of read. | |
DT393382 | Change the default IBM Cloud Pak System GPFS default pattern. |
IBM Cloud Pak System pattern deployments fail and display the following error: CWZIP1913E an error occurred when the system contacted the placement engine | |
DT392200 | The IBM Cloud Pak System primary virtual machine loses network connectivity after reboot. |
DT392393 | CWZIP3509E: The Call Home request failed while submitting a request to create a new service ticket for IBM Cloud Pak System. |
DT392005 | ITM Agent does not start due to a 60-second delay when stopping and starting VSI/VMS on IBM Cloud Pak System. |
DT392218 | IBM Cloud Pak System - Warehouse database pruning not working in ITM System Monitoring shared service patterns running Db2 11.5. |
Problems (APARS) fixed
Document Information
Modified date: 28 August 2024
UID: ibm16982501