Question & Answer
Question
Control Center is using an older jar then recommended under CVE-2023-46604 - It is recommended to upgrade to Apache ActiveMQ version 5.15.16, 5.16.7, 5.17.6, or 5.18.3.
Cause
A scan came up with vulnerability detected for IBM Control Center version 6.2.1 for lib/ActiveMQ_Jars/activemq-all-5.16.4.jar
Answer
This vulnerability is related to Active MQ Broker and Control Center only uses the Active MQ client library and it does not have Active MQ Server or Broker. Therefore we can confirm that Control Center is not vulnerable to this CVE-2023-46604. The version of Apache ActiveMQ will still be updated in a future release of Control Center as part of our standard product update process.
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSJC3O","label":"IBM Sterling Control Center Monitor"},"ARM Category":[{"code":"a8m0z000000cwVyAAI","label":"ENGINE"}],"ARM Case Number":"TS014668331","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.2.1;6.3.0"},{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNG8A","label":"IBM Sterling Control Center Director"},"ARM Category":[{"code":"a8m0z000000cwVyAAI","label":"ENGINE"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.2.1;6.3.0"}]
Was this topic helpful?
Document Information
Modified date:
10 November 2023
UID
ibm17070741