Fixes are available
APAR status
Closed as program error.
Error description
Vulnerabilities in the XML processing of some components of IBM DataPower Gateways (CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449). The XML processing of some components of IBM DataPower gateways is affected by vulnerabilities that can cause a denial of service when presented with specially crafted data.
Local fix
Problem summary
XML processing vulnerabilities in some components of IBM DataPower Gateways (CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449).
Problem conclusion
Fix is available in 7.2.0.9, 7.5.0.3 and 7.5.1.2 For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Temporary fix
Comments
APAR Information
APAR number
IT16307
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
750
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-07-26
Closed date
2016-09-14
Last modified date
2016-09-14
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
R700 PSY
UP
R710 PSY
UP
R720 PSY
UP
R750 PSY
UP
R751 PSY
UP
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateways"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"750"}]
Document Information
Modified date:
25 September 2021