A fix is available
APAR status
Closed as program error.
Error description
DataPower is vulnerable to ROBOT attacks on V10. More Information on ROBOT: https://robotattack.org/
Local fix
This attack specifically targets cipher suites that use RSA key exchange. Disabling any cipher suite in your SSL Server/Client profiles whose name contains 'RSA', unless it also includes 'DHE' or 'ECDHE', will prevent exploitation.
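The rule above can be applied mechanically to a profile's cipher list. The following is an added example, not IBM code or part of the APAR: it assumes IANA-style suite names that spell out the key exchange, and the sample list and function names are constructed for illustration.

```python
import re

# Constructed sample: IANA-style suite names as they might appear in an
# SSL server profile (not taken from the APAR).
SAMPLE_PROFILE = [
    "ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "DHE_RSA_WITH_AES_128_GCM_SHA256",
    "RSA_WITH_AES_256_GCM_SHA384",
    "RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "AES_128_GCM_SHA256",  # TLS 1.3 suite: no key exchange in the name
]

# Ephemeral key exchanges; with these, RSA is used only for authentication.
EPHEMERAL = {"DHE", "ECDHE"}


def uses_rsa_key_exchange(suite: str) -> bool:
    """Apply the local-fix rule: name has RSA but neither DHE nor ECDHE.

    Matching is done on whole name tokens, so a lower-case or
    hyphen-separated spelling of the same name is classified identically.
    """
    tokens = set(re.split(r"[_-]", suite.strip().upper()))
    return "RSA" in tokens and not (tokens & EPHEMERAL)


def audit(ciphers):
    """Split a cipher list into (keep, disable), preserving order."""
    keep, disable = [], []
    for suite in ciphers:
        (disable if uses_rsa_key_exchange(suite) else keep).append(suite)
    return keep, disable


if __name__ == "__main__":
    keep, disable = audit(SAMPLE_PROFILE)
    print("Disable (RSA key exchange):")
    for suite in disable:
        print("  " + suite)
    print("Keep:")
    for suite in keep:
        print("  " + suite)
```

A name-based check only works when the name states the key exchange: OpenSSL-style names such as AES128-SHA use RSA key exchange without containing 'RSA', so convert those to IANA names before auditing.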
Problem summary
The security issue CVE-2020-4831 (ROBOT) is addressed.
Problem conclusion
Fix is available in 10.0.1.1. For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Temporary fix
Comments
APAR Information
APAR number
IT34481
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
A0X
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-10-08
Closed date
2020-11-19
Last modified date
2020-12-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
R100 PSY
UP
Document Information
Modified date:
14 September 2021