Download
Abstract
Download IBM Spectrum Protect Operations Center V8.1.13.x Interim Fixes
Download Description
Tip: Beginning with Version 7.1.3, IBM Tivoli Storage Manager is now IBM Spectrum Protect. Some applications such as the software fulfillment systems and IBM License Metric Tool use the new product name. However, the software and its product documentation continue to use the Tivoli Storage Manager product name. To learn more about the rebranding transition, see http://www.ibm.com/support/docview.wss?uid=swg21963634.
Now available
Interim fix version 8.1.13.400
This is the fix pack available for IBM Spectrum Protect Operations Center v8.1
- To see the list and descriptions of the APARs fixed by this fix pack click here.
- To see the list of latest IBM Spectrum Protect Client and Server fix packs click here.
Note: IBM Spectrum Protect Operations Center 8.1.13.400 requires an IBM Spectrum Protect hub server at 8.1.13.000 or later.
[{"PRLabel":"Minimum Hardware and Software Requirements (AIX)","PRLang":"English","PRSize":"2697","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www-01.ibm.com/support/docview.wss?uid=swg21653418"},{"PRLabel":"Minimum Hardware and Software Requirements (Linux)","PRLang":"English","PRSize":"2697","PRPlat":{"label":"Linux","code":"PF016"},"PRURL":"http://www-01.ibm.com/support/docview.wss?uid=swg21653418"},{"PRLabel":"Minimum Hardware and Software Requirements (Windows)","PRLang":"English","PRSize":"2697","PRPlat":{"label":"Windows","code":"PF033"},"PRURL":"http://www-01.ibm.com/support/docview.wss?uid=swg21653418"}]
[{"INLabel":"Installation Instructions","INLang":"English","INSize":"2697","INURL":"https://www.ibm.com/support/knowledgecenter/en/SSEQVQ_8.1.0/srv.install/t_oc_inst_install.html"}]
Off
[{"DNLabel":"V8.1.13.400 Operation Center (AIX)","DNDate":"30 Jun 2022","DNLang":"English","DNSize":"637437514 B","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"https://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/8.1.13.400/","DNURL_FTP":"","DDURL":null},{"DNLabel":"V8.1.13.400 Operations Center (Linux)","DNDate":"30 Jun 2022","DNLang":"English","DNSize":"841352187 B","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"https://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/8.1.13.400/","DNURL_FTP":"","DDURL":null},{"DNLabel":"V8.1.13.400 Operations Center (Windows)","DNDate":"30 Jun 2022","DNLang":"English","DNSize":"948107502 B","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"https://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/8.1.13.400/","DNURL_FTP":"","DDURL":null}]
Technical Support
Questions relating to the Apache log4j (CVE-2021-44228) vulnerability:
Q. I still see log4j-2.8.2 files, even after I followed the manual mitigation instructions or applied the latest fixing level:
/opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea/org.eclipse.osgi/55/data/cacheAdapt/com.ibm.ws.app.manager_40/WEB-INF/lib/log4j-1.2-api-2.8.2.jar
/opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea/org.eclipse.osgi/55/data/cacheAdapt/com.ibm.ws.app.manager_40/WEB-INF/lib/log4j-api-2.8.2.jar
/opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea/org.eclipse.osgi/55/data/cacheAdapt/com.ibm.ws.app.manager_40/WEB-INF/lib/log4j-core-2.8.2.jar
/opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea/org.eclipse.osgi/55/data/cacheAdapt/com.ibm.ws.app.manager_40/WEB-INF/lib/log4j-slf4j-impl-2.8.2.jar
/opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea/org.eclipse.osgi/55/data/cacheAdapt/com.ibm.ws.app.manager_40/WEB-INF/lib/log4j-api-2.8.2.jar
/opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea/org.eclipse.osgi/55/data/cacheAdapt/com.ibm.ws.app.manager_40/WEB-INF/lib/log4j-core-2.8.2.jar
/opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea/org.eclipse.osgi/55/data/cacheAdapt/com.ibm.ws.app.manager_40/WEB-INF/lib/log4j-slf4j-impl-2.8.2.jar
Am I still exposed to CVE-2021-44228?
A. These files do not indicate continued exposure to the vulnerability. The actual path varies from installation to installation, but the important part is workarea in the path. These JAR files do not contain executable code. They are directories which Liberty creates for its own internal caching. Liberty generally removes these directories following an upgrade. However, some Liberty versions leave these empty directories on the file system. These files pose no risk, but to get rid of them
A. These files do not indicate continued exposure to the vulnerability. The actual path varies from installation to installation, but the important part is workarea in the path. These JAR files do not contain executable code. They are directories which Liberty creates for its own internal caching. Liberty generally removes these directories following an upgrade. However, some Liberty versions leave these empty directories on the file system. These files pose no risk, but to get rid of them
1) Stop the Operations Center
2) Delete the entire workarea directory
Linux/AIX - /opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/workarea
Windows - ProgramFiles\Tivoli\TSM\ui\Liberty\usr\servers\guiServer\workarea
3) Start the Operations Center (Starting the Operations Center could take slightly longer than usual while Liberty rebuilds the cache)
Q. I have a log4j*-2.0.2.jar file on my machine. Can I still apply the mitigation instructions?
A. Yes, you can replace any 2.x.x version with 2.17.1. The older log4j JAR files are on v8.1.4 and earlier.
[{"Product":{"code":"SSEQVQ","label":"IBM Spectrum Protect"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"8.1","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Problems (APARS) fixed
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
07 August 2023
UID
ibm16527288