IC88002: VULNERABILITIES WITH TPC CLIENT-SIDE JAVA DEPLOYMENTS WHERE UNTRUSTED CODE MAY BE EXECUTED.
Closed as program error.
There are a number of vulnerabilities in the IBM JAVA SDK versions that affect various components (ORB, XML and JMX). Some of the issues need to be combined in sequence to achieve an exploit. This occurs when the affected JRE is installed as the system JRE. For example this can occur when a JRE is running Java applet or Web Start application. These vulnerabilities are only applicable to client-side Java deployments where untrusted code may be executed. The TPC versions affected include: 5.1.0 4.2.0 through 18.104.22.168 (4.2.2 FP3) 4.1.x 3.x
Until a fix is available with TPC, download IBM Java 6 SR12 from the developerWorks site for AIX and Linux. Contact IBM support if you need the IBM Java 6 SR12 package for Windows. Uninstall any existing Java versions you have and install IBM Java 6 SR12.
USERS AFFECTED: All TPC users who download IBM Java from TPC for the Java Web Start GUI prior to TPC 5.1.1. PROBLEM DESCRIPTION: TPC 5.1.0 includes IBM Java 6 SR 9 or earlier, which is affected by a security vulnerability.
The Java packaged with TPC has been updated to resolve the issue. Use IBM Java 6 SR12 or higher. The fix for this APAR is targeted for the following maintenance package: | fix pack | 5.1.1-TIV-TPC-FP0001 - December 2012 http://www-01.ibm.com/support/docview.wss?&uid=swg21320822 The target dates for future fix packs do not represent a formal commitment by IBM. The dates are subject to change without notice. The following steps apply to the Tivoli Storage Productivity Center GUI launched via Java Web Start on remote systems. * Uninstall any versions of Java prior to IBM Java 6 SR12. * Download and install IBM Java 6 SR12. * Launch the Tivoli Storage Productivity Center GUI using the JNLP file and Java Web Start. Note: Do not use the IBM JRE 1.6.0 or IBM SDK 1.6.0 links provided with the affected Tivoli Storage Productivity Center versions. Once you have upgraded your Tivoli Storage Productivity Center components to a level with the fix, you can use the links again as they will then allow you to download IBM Java 6 SR12. Until the fix is available in a Tivoli Storage Productivity Center maintenance release, you can download the new Java 6 SR12 packages directly from the IBM developerWorks web site or by contacting IBM Support.
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels