APAR status
Closed as program error.
Error description
IBM DataPower Gateway vulnerable to network state information leakage. IBM has addressed CVE-2021-20322, CVE-2021-45485, and CVE-2021-45486
Local fix
Problem summary
IBM has addressed CVE-2021-20322, CVE-2021-45485, and CVE-2021-45486
Problem conclusion
The fix will be in 10.5.0.3 & 10.0.1.11 For a list of the latest fix packs available, please see: https://www.ibm.com/support/pages/node/83105
Temporary fix
Comments
APAR Information
APAR number
IT42605
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
A5X
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-12-15
Closed date
2022-12-15
Last modified date
2022-12-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateways"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A5X","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
16 December 2022