Flashes (Alerts)
Abstract
This document lists the critical updates, including HIPER (Highly Pervasive) APAR fixes, that should be applied to IBM DataPower Gateways (formerly referred to as WebSphere DataPower SOA Appliances).
Content
This document is kept current to provide you with the latest information. You can monitor for updates to this document using My Notifications. Important support information is also posted on Twitter.
This document describes Critical Actions you should take to mitigate or prevent problems, and Critical Updates (including HIPER APARs, which are APARs where the problem is Highly Pervasive), along with circumventions where possible.
Critical Actions
Important: Create a privileged user id as a backup for the "admin" user id. This will allow you to reset the "admin" user id's password if that password is lost or forgotten, or if the "admin" id is locked out.
The lockout duration feature was added to increase the security of the appliance. APAR IC65339 reports a problem where the "admin" id is locked out when an incorrect password is entered multiple times for this id, and the "admin" id continues to be locked out after the lockout duration has expired. Another privileged user id can reset the "admin" id's password regardless of whether the APAR fix is applied.
See: "admin" password lost or forgotten for IBM WebSphere DataPower SOA Appliances
Critical Updates
Important:
- Before installing any fix pack, review DataPower Knowledge Collection on firmware updates. This document provides best practices for upgrading firmware and information on downloading firmware images from Fix Central.
- The release notes for all currently supported firmware releases, and links to download the fix packs, can be found here: http://www-01.ibm.com/support/docview.wss?uid=swg21414503
01/07/2015: Critical updates: Apply fix packs.
APAR | Description | Resolution |
IT06055 | Symptom: CVE-2014-8730 - STRICTLY ENFORCE VERIFYING TLS BLOCK CIPHER PADDING. Users Affected: Customers vulnerable to CVE-2014-8730. Circumvention: Apply fix packs 7.0.0.4, 7.1.0.2 | Fixpacks: 7.1.0.x, 7.0.0.x |
Symptom: CVE-2014-8730 - VULNERABILITY IN TRANSPORT LAYER SECURITY (TLS) PADDING AFFECTS IBM SECURITY ACCESS MANAGER FOR DATAPOWER. Users Affected: Customers vulnerable to CVE-2014-8730 when using IBM Security Access Manager for DataPower version 8.0.0.5. Circumvention: Apply fix packs 7.1.0.2 http://www-01.ibm.com/support/docview.wss?uid=swg21692934 | 7.1.0.x |
06/19/2014: Critical updates: Apply fix packs.
APAR | Description | Resolution |
IT02314 | Symptom: CVE-2014-0224 - VULNERABILITY IN SSL CHANGECIPHERSPEC PROCESSING. Users Affected: Customers vulnerable to CVE-2014-0224. Circumvention: Apply fix packs 7.1.0.2 http://www-01.ibm.com/support/docview.wss?uid=swg21692934 | Fixpacks: 7.1.0.x |
Document Information
Modified date: 25 September 2022
UID: swg21390112