A fix is available
APAR status
Closed as program error.
Error description
IBM WEBSPHERE APPLICATION SERVER LIBERTY SECURITY VULNERABILITIES
Local fix
Problem summary
USERS AFFECTED:
IBM Spectrum Control 5.4.x and IBM Storage Insights users

PROBLEM DESCRIPTION:

CVE-2021-29842
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

CVE-2021-35517
Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package.

CVE-2021-36090
Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package.

See security bulletin for details of the vulnerability:
https://www.ibm.com/support/pages/node/6524930

RECOMMENDATION:
Spectrum Control users, apply fix maintenance when available.
Problem conclusion
The fix for this APAR is contained in the following releases:
IBM Storage Insights 4Q21 [ 54X-IBM-SI ]
IBM Spectrum Control 5.4.5 [ 5.4.5-IBM-SC ]
https://www.ibm.com/support/pages/node/359939
Temporary fix
Comments
APAR Information
APAR number
IT38868
Reported component name
TPC
Reported component ID
5608TPC00
Reported release
544
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-10-28
Closed date
2021-12-16
Last modified date
2022-03-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TPC
Fixed component ID
5608TPC00
Applicable component levels
Document Information
Modified date:
25 June 2022