IBM Support

IBM Cloud Pak System Version 2.3.4

Download


Abstract

This document lists the fixes contained in IBM Cloud Pak® System Version 2.3.4.

Download Description

To download Version 2.3.4, go to the IBM Cloud Pak System product page on IBM Fix Central.


Security vulnerabilities

IBM Cloud Pak System Version 2.3.4 includes fixes for these security vulnerabilities:

| Relevant vulnerabilities | Summary | Security Bulletin URL |
| --- | --- | --- |
| CVE-2022-1292 | OpenSSL (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-26377 | Apache HTTP Server - CVE-2022-26377 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-28615 | Apache HTTP Server - CVE-2022-28615 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-31813 | Apache HTTP Server - CVE-2022-31813 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-30522 | Apache HTTP Server - CVE-2022-30522 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-28614 | Apache HTTP Server - CVE-2022-28614 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2012-5784, CVE-2014-3596 | axis-1.4.jar (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7142012 |
| CVE-2022-32746 | Samba - CVE-2022-32746 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
| CVE-2022-1615 | Samba - CVE-2022-1615 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
| CVE-2022-43680 | Expat - CVE-2022-43680 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-37866 | ivy-2.2.0.jar (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7105142 |
| CVE-2022-36760 | Apache HTTP Server - CVE-2022-36760 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-37436 | Apache HTTP Server - CVE-2022-37436 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-4304, CVE-2023-0215, CVE-2023-0286 | OpenSSL (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-43929, CVE-2022-43927, CVE-2014-3577 | Db2 is affected by multiple vulnerabilities (February 8, 2023). | https://www.ibm.com/support/pages/node/7105374 |
| CVE-2023-24998 | commons-fileupload-1.4.jar (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7105176 |
| CVE-2023-25690 | Apache HTTP Server - CVE-2023-25690 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7135903 |
| CVE-2023-25492, CVE-2023-25495, CVE-2023-0683 | Lenovo System x (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7135906 |
| CVE-2023-21830, CVE-2023-21843 | IBM SDK, Java Technology Edition Quarterly CPU - Jan 2023 - Includes Oracle January 2023 CPU | https://www.ibm.com/support/pages/node/7005573 |
| CVE-2022-21426 | IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU | https://www.ibm.com/support/pages/node/7101430 |
| CVE-2023-0482 | IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy | https://www.ibm.com/support/pages/node/7101435 |
| CVE-2022-31836 | Beego vulnerability | https://www.ibm.com/support/pages/node/7101431 |
| CVE-2022-39161 | IBM WebSphere Application Server Liberty is vulnerable to spoofing when using Web Server Plug-ins | https://www.ibm.com/support/pages/node/7105365 |
| 256137 | Jackson - 256137 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7105096 |
| CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 | IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU plus CVE-2023-2597 | https://www.ibm.com/support/pages/node/7105298 |
| CVE-2023-28155 | request-2.88.2.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7105187 |
| CVE-2022-38900 | decode-uri-component-0.2.0.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101428 |
| CVE-2022-25881 | http-cache-semantics-4.1.0.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101437 |
| CVE-2022-31129 | moment-2.29.2.tgz (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7105324 |
| CVE-2022-31259, CVE-2008-7220 | Vulnerable Software In Use | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2022-25883 | semver-5.7.1.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101438 |
| CVE-2023-26115 | word-wrap-1.2.3.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101427 |
| CVE-2023-38013 | Private IP Address Disclosed in HTTP responses | https://www.ibm.com/support/pages/node/7159533 |
| CVE-2023-38271 | Sensitive Information Disclosed In CPS Logs | https://www.ibm.com/support/pages/node/7159533 |
| CVE-2020-11023 | Vulnerable Software detected - jQuery | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2023-38714 | Source code disclosure | https://www.ibm.com/support/pages/node/7159533 |
| CVE-2023-38713 | Software Version Numbers Revealed | https://www.ibm.com/support/pages/node/7159533 |
| CVE-2020-11022 | Vulnerable software detected | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2023-26136 | tough-cookie-2.5.0.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7144338 |
| CVE-2018-6561 | dojo-dojo-release-1.12.1 (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101434 |
| CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445, CVE-2023-30449, CVE-2023-23487, CVE-2023-30431, CVE-2023-27869, CVE-2023-27867, CVE-2023-27868 | Db2 is affected by multiple vulnerabilities (July 7, 2023) | https://www.ibm.com/support/pages/node/7105329 |
| CVE-2023-34967 | Samba - CVE-2023-34967 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
| CVE-2023-34968 | Samba - CVE-2023-34968 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
| CVE-2023-29409 | Golang go - CVE-2023-29409 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7105284 |
| CVE-2023-3894 | Jackson - CVE-2023-3894 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7105096 |
| CVE-2022-46751 | ivy-2.1.0-rc1.jar (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7105142 |
| CVE-2022-37865 | ivy-2.1.0-rc1.jar (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7105142 |
| CVE-2023-4759 | org.eclipse.jgit-4.0.3.201509231615-r.jar (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7101429 |
| CVE-2023-4607 | Lenovo System x (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7135906 |
| CVE-2023-4806 | GNU glibc - CVE-2023-4806 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
| CVE-2023-39318 | Golang go - CVE-2023-39318 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7101432 |
| CVE-2023-39319 | Golang go - CVE-2023-39319 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7101432 |
| CVE-2023-4911 | GNU glibc - CVE-2023-4911 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7148477 |
| CVE-2023-39323 | Golang go - CVE-2023-39323 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7105141 |
| CVE-2023-39325 | Golang go - CVE-2023-39325 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7105284 |
| CVE-2021-3749, CVE-2020-28168 | axios-0.19.2.tgz (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7101436 |
| CVE-2022-24785 | moment-2.24.0.tgz (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7105281 |
| CVE-2022-25758 | scss-tokenizer-0.3.0.tgz (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7159240 |
| CVE-2022-25858 | terser-5.14.0.tgz (Publicly disclosed vulnerability found by WhiteSource) | https://www.ibm.com/support/pages/node/7101433 |
| CVE-2023-45284 | Golang go - CVE-2023-45284 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7159724 |
| CVE-2023-45283 | Golang go - CVE-2023-45283 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7159724 |
| CVE-2023-44483 | WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario | https://www.ibm.com/support/pages/node/7148473 |
| CVE-2023-22081, CVE-2023-22067, CVE-2023-5676 | IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus CVE-2023-5676 | https://www.ibm.com/support/pages/node/7148476 |
| CVE-2023-39326 | Golang go - CVE-2023-39326 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2023-45285 | Golang go - CVE-2023-45285 (Publicly disclosed vulnerability) | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2023-26159 | follow-redirects-1.15.2.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2024-28849 | follow-redirects-1.15.2.tgz (Publicly disclosed vulnerability found by Mend) | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2023-22045, CVE-2023-22049 | Java Unspecified vulnerability | https://www.ibm.com/support/pages/node/7161913 |


For more information about IBM Product Security articles, see these links:


IBM Cloud Pak System problem fixes

The following table contains the problem fixes that are included in this release.

Optional: If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version. The upgrade recommendation is to move directly to 2.3.4.

IBM Cloud Pak System APARs
Document Description
IT41971 CWZIP6239E The amount of free space on file system /var/log is critical.
IT42554 Workload Mobility regression discovered in IBM Cloud Pak System Software 2.3.3.3 Interim fix 1.
IT43064 Unable to connect access to the IBM Cloud Pak System user interface.
DT392181 Db2 instance does not start correctly after a non-graceful reboot on IBM Cloud Pak System.
DT393380 CLI client "Pure.cli" fails with newer Java levels.
IT44430 Retrieving the kubeadmin password fails.
DT393378 On IBM Cloud Pak System W4600, the Infrastructure map shows the Input power total as zero.
Backup failed after a Virtual Appliance was deployed.
The pattern IVA Db2 11.5 HADR v0.98 needs write access for workloads instead of read.
DT393382 Change the default IBM Cloud Pak System GPFS default pattern.
IBM Cloud Pak System pattern deployments fail and display the following error: CWZIP1913E an error occurred when the system contacted the placement engine
DT392200 The IBM Cloud Pak System primary virtual machine loses network connectivity after reboot.
DT392393 CWZIP3509E: The Call Home request failed while submitting a request to create a new service ticket for IBM Cloud Pak System.
DT392005 ITM Agent does not start due to a 60-second delay when stopping and starting VSI/VMS on IBM Cloud Pak System.
DT392218 IBM Cloud Pak System - Warehouse database pruning not working in ITM System Monitoring shared service patterns running Db2 11.5.


Problems (APARS) fixed
IT41971; IT42554; IT43064; DT393380; IT44430; DT393378; IT45381; IT45499; DT393382; IT44869; DT392200; DT392393; DT392005; DT392218

Document Information

Modified date: 28 August 2024

UID: ibm16982501