IBM Support

IT14160: MULTIPLE VULNERABILITIES IN JAVA AFFECT TIVOLI STORAGE FLASHCOPY MANAGER FOR VMWARE

A fix is available

Download Information: Version 4.1.4.1 Interim Fix: IBM Spectrum Protectâ„¢ Snapshot

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • *VULNERABILITY SUMMARY*

There are multiple vulnerabilities in JAVA that is used by
Tivoli Storage FlashCopy Manager for VMware.

*VULNERABILITY DETAILS*

CVEID: CVE-2015-4872
DESCRIPTION: An unspecified vulnerability in Oracle Java SE and
JRockit related to the Security component has no confidentiality
impact, partial integrity impact, and no availability impact.

CVEID: CVE-2015-7575
DESCRIPTION: The TLS protocol could allow weaker than expected
security caused by a collision attack when using the MD5 hash
function for signing a ServerKeyExchange message during a TLS
handshake. An attacker could exploit this vulnerability using
man-in-the-middle techniques to impersonate a TLS server and
obtain credentials.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* Tivoli Storage FlashCopy Manager for VMware 3.1, 3.2, and    *
* 4.1.                                                         *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* Refer to the following security bulletins:                   *
* http://www.ibm.com/support/docview.wss?uid=swg21979496       *
* http://www.ibm.com/support/docview.wss?uid=swg21978694       *
****************************************************************
* RECOMMENDATION:                                              *
* Apply fixing level when available. This defect is currently  *
* projected to be fixed with IBM Tivoli Storage FlashCopy      *
* Manager for VMware v3.1.1.4, v3.2.0.7, and v4.1.4.1. Note    *
* that until the fixing level is available, this information   *
* is subject to change at the discretion of IBM.               *
****************************************************************

    



Problem conclusion


    

  • The problem described in this APAR has been fixed so that it no
longer occurs.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT14160
    • 

  • Reported component name
    FLSHCPYMGR VMWA
    • 

  • Reported component ID
    5608AC6VM
    • 

  • Reported release
    31L
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2016-03-07
    • 

  • Closed date
    2016-03-07
    • 

  • Last modified date
    2016-04-25
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • JAVA

    



Fix information


    

  • Fixed component name
    FLSHCPYMGR VMWA
    • 

  • Fixed component ID
    5608AC6VM
    • 



Applicable component levels


    

  • R31L  PSY
       UP
    • 

  • R32L  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SS36V9","label":"Tivoli Storage FlashCopy Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Line of Business":{"code":"LOB26","label":"Storage"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            08 January 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback