Java Security Vulnerability Alert (parseDouble vulnerability) - Information for Tivoli Netview 7.1.5.
A security vulnerability has been identified in the Java that is being shipped in the NetView products. The steps to remediate this issue are identified in this flash.
This affects all shipped versions of NetView 7.1.5 at all support levels. To remediate this issue go to the following website:
Got to the Patch availability section and download the jar file for the appropriate SDK/JRE level and platform. Place that file in a temporary directory (for example, java_fix_tempdir).
Go to the Verification section and download the ParseDoubleTest.jar file. It will be used to verify the existence of the vulnerability. Place the file in the same in temporary directory (i.e. java_fix_tempdir).
Download the IBM Update Installer (the link for it is provided within the same Patch availability section in the above URL). Unzip IBM Update Installer (to the java_fix_tempdir) and run the following command:
java -jar JavaUpdateInstaller.jar -install [patch JAR file] [JAVA_HOME of target JDK]
For example on Unix:
java -jar JavaUpdateInstaller.jar -install \java_fix_tempdir\PM31983_FIX_1.jar \usr\OV
In addition to the above changes, users who run Tivoli NetView webconsole to access the Tivoli NetView Sever should also follow the above link to update the local WebConsole install.