Fixes are available
APAR status
Closed as program error.
Error description
Apache Log4j - CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15) (Publicly disclosed vulnerability)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Control 5.4.x and IBM Storage Insights users * **************************************************************** * PROBLEM DESCRIPTION: * * A vulnerability in Apache Log4j could allow an * * attacker to execute arbitrary code on the * * system. * * * * See security bulletin for details of the vulnerability: * * https://www.ibm.com/support/pages/node/6537036 * **************************************************************** * RECOMMENDATION: * * Spectrum Control users, apply fix maintenance * * when available. * * * * Storage Insights users upgrade Data Collectors. * ****************************************************************
Problem conclusion
See security bulletin for details: https://www.ibm.com/support/pages/node/6537036 The fix for this APAR is contained in the following releases: IBM Storage Insights 4Q21 [ 54X-IBM-SI ] IBM Spectrum Control 5.4.5.2 [ 5.4.5-IBM-SC-FP0002 ] https://www.ibm.com/support/pages/node/359939
Temporary fix
Comments
APAR Information
APAR number
IT39489
Reported component name
TPC
Reported component ID
5608TPC00
Reported release
544
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-12-22
Closed date
2022-01-07
Last modified date
2022-01-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TPC
Fixed component ID
5608TPC00
Applicable component levels
[{"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSNE44","label":"Tivoli Storage Productivity Center"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"544"}]
Document Information
Modified date:
25 June 2022