Fixes are available
APAR status
Closed as program error.
Error description
Because the data with the Java InvokerTransformer class is deserialized, Apache Commons Collections could allow a remote attacker to send specially crafted data that runs arbitrary Java code on IBM Integration Designer. PRODUCTS AFFECTED: IBM Integration Designer
Local fix
Problem summary
No additional information is available.
Problem conclusion
A fix is available for the latest fix pack of all supported releases of Integration Designer that removes the Apache Commons Collections vulnerability for handling Java object serialization. On Fix Central (http://www.ibm.com/support/fixcentral), search for JR54738: 1. Select IBM WebSphere Integration Developer or IBM Integration Designer from the product selector, the installed version to the fix pack level, and your platform, and then click Continue. 2. Select APAR or SPR, enter JR54738, and click Continue. When you download fix packages, ensure that you also download the readme file for each fix. Review each readme file for additional installation instructions and information about the fix. Note: You cannot copy this fix by using IBM Packaging Utility. You must install this fix separately.
Temporary fix
Comments
APAR Information
APAR number
JR54738
Reported component name
BPM ADVANCED
Reported component ID
5725C9400
Reported release
855
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-11-25
Closed date
2015-12-09
Last modified date
2016-05-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM ADVANCED
Fixed component ID
5725C9400
Applicable component levels
R751 PSY
UP
R801 PSY
UP
R850 PSY
UP
R855 PSY
UP
R856 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
13 October 2021