IBM Spectrum Protect Operations Center V7.1.14.x interim fix downloads

Download

Abstract

Download IBM Spectrum Protect Operations Center V7.1.14.x Interim Fixes

Download Description

Tip: Beginning with Version 7.1.3, IBM Tivoli Storage Manager is now IBM Spectrum Protect. Some applications such as the software fulfillment systems and IBM License Metric Tool use the new product name. However, the software and its product documentation continue to use the Tivoli Storage Manager product name. To learn more about the rebranding transition, see http://www.ibm.com/support/docview.wss?uid=swg21963634.

Now available
Interim fix version 7.1.14.300

This is the fix pack available for IBM Spectrum Protect Operations Center v7.1

To see the list and descriptions of the APARs fixed by this fix pack click here.
To see the list of latest IBM Spectrum Protect Client and Server fix packs click here.

Note: IBM Spectrum Protect Operations Center 7.1.14.300 requires an IBM Spectrum Protect hub server at level 7.1.14.000 or later.

[{"PRLabel":"Minimum Hardware and Software Requirements (AIX)","PRLang":"English","PRSize":"2697","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www-01.ibm.com/support/docview.wss?uid=swg21653418"},{"PRLabel":"Minimum Hardware and Software Requirements (Linux)","PRLang":"English","PRSize":"2697","PRPlat":{"label":"Linux","code":"PF016"},"PRURL":"http://www-01.ibm.com/support/docview.wss?uid=swg21653418"},{"PRLabel":"Minimum Hardware and Software Requirements (Windows)","PRLang":"English","PRSize":"2697","PRPlat":{"label":"Windows","code":"PF033"},"PRURL":"http://www-01.ibm.com/support/docview.wss?uid=swg21653418"}]

[{"INLabel":"Installation Instructions","INLang":"English","INSize":"2697","INURL":"https://www.ibm.com/support/knowledgecenter/SSGSG7_7.1.7/srv.install/t_oc_inst_install.html"}]

Problems Solved

Vulnerability in Apache Log4j affects IBM Spectrum Protect Operations Center (CVE-2021-44228)

Off

          [{"DNLabel":"V7.1.14.300 Operation Center (AIX)","DNDate":"14 Jan 2022","DNLang":"English","DNSize":"640242680 B","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"https://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/7.1.14.300","DNURL_FTP":"","DDURL":null},{"DNLabel":"V7.1.14.300 Operations Center (Linux)","DNDate":"14 Jan 2022","DNLang":"English","DNSize":"844157356 B","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"https://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/7.1.14.300","DNURL_FTP":"","DDURL":null},{"DNLabel":"V7.1.14.300 Operations Center (Windows)","DNDate":"14 Jan 2022","DNLang":"English","DNSize":"950912671 B","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"https://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/7.1.14.300","DNURL_FTP":"","DDURL":null}]
          

Technical Support

Questions relating to the Apache log4j (CVE-2021-44228) vulnerability:

Q. I still see log4j-2.8.2 files, even after I followed the manual mitigation instructions or applied the latest fixing level:

/opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea/org.eclipse.osgi/55/data/cacheAdapt/com.ibm.ws.app.manager_40/WEB-INF/lib/log4j-1.2-api-2.8.2.jar
/opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea/org.eclipse.osgi/55/data/cacheAdapt/com.ibm.ws.app.manager_40/WEB-INF/lib/log4j-api-2.8.2.jar
/opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea/org.eclipse.osgi/55/data/cacheAdapt/com.ibm.ws.app.manager_40/WEB-INF/lib/log4j-core-2.8.2.jar
/opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea/org.eclipse.osgi/55/data/cacheAdapt/com.ibm.ws.app.manager_40/WEB-INF/lib/log4j-slf4j-impl-2.8.2.jar

Am I still exposed to CVE-2021-44228?

A. These files do not indicate continued exposure to the vulnerability. The actual path varies from installation to installation, but the important part is workarea in the path. These JAR files do not contain executable code. They are directories which Liberty creates for its own internal caching. Liberty generally removes these directories following an upgrade. However, some Liberty versions leave these empty directories on the file system. These files pose no risk, but to get rid of them

1) Stop the Operations Center
2) Delete the entire workarea directory
Linux/AIX - /opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea
Windows - ProgramFiles\Tivoli\TSM\ui\Liberty\usr\servers\guiServer\workarea
3) Start the Operations Center (Starting the Operations Center could take slightly longer than usual while Liberty rebuilds the cache)

Q. I have a log4j*-2.0.2.jar file on my machine. Can I still apply the mitigation instructions?

A. Yes, you can replace any 2.x.x version with 2.17.1. The older log4j JAR files are on v8.1.4 and earlier.

[{"Product":{"code":"SSEQVQ","label":"IBM Spectrum Protect"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"7.1","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]

Problems (APARS) fixed
[7.1.14.300]

Was this topic helpful?

Document Information

Modified date:
14 January 2022

UID

ibm16527284

Tips