A fix is available
APAR status
Closed as program error.
Error description
Vulnerabilities in the XML processing component of some IBM DataPower Gateways internal services. (CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317) The XML processing component of some IBM DataPower gateways internal services is affected by a variety of vulnerabilities that can cause a denial of service when presented with specially crafted data.
Local fix
Problem summary
Multiple CVEs (CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317) concern vulnerabilities in the processing of XML files for some internal services which can cause a denial of service. IBM DataPower Gateways versions 7.2.0.0 to 7.2.0.5 are affected by these CVEs.
Problem conclusion
Fix is available in 7.2.0.6 and 7.5.0.0 For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Temporary fix
Comments
APAR Information
APAR number
IT15089
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
720
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-05-04
Closed date
2016-05-13
Last modified date
2016-05-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
R720 PSY
UP
R750 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
11 February 2022