APAR status
Closed as program error.
Error description
WebSphere eXtreme Scale encryption for Dynacache entries was using MD5, which is insecure
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of WebSphere eXtreme Scale V7.1.1, * * V8.5, & V8.6.0 * **************************************************************** * PROBLEM DESCRIPTION: A vulnerability in IBM * * WebSphere eXtreme Scale Client could * * expose sensitive information. * **************************************************************** * RECOMMENDATION: * **************************************************************** CVEID: CVE-2016-2861 DESCRIPTION: IBM WebSphere eXtreme Scale uses weaker than expected security to encrypt data which could allow an attacker that is able to capture network traffic to decrypt sensitive information. CVSS Base Score: 3.7 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112657 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Problem conclusion
See recommended fixes page for Websphere eXtreme Scale at: http://www-01.ibm.com/support/docview.wss?uid=swg27018991
Temporary fix
Comments
APAR Information
APAR number
PI60904
Reported component name
WS EXTREME SCAL
Reported component ID
5724X6702
Reported release
860
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-04-15
Closed date
2016-07-25
Last modified date
2016-08-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PI60905 PI64190
Fix information
Fixed component name
WS EXTREME SCAL
Fixed component ID
5724X6702
Applicable component levels
R711 PSY
UP
R850 PSY
UP
R860 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSTVLU","label":"WebSphere eXtreme Scale"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"860","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
30 August 2016