A security vulnerability has been identified in the Java that is being shipped in the ITNM 3.7 products. The steps to remediate this issue are identified in this flash
This affects all shipped versions of IBM Tivoli Network Manager 3.7 at all support levels.
To remediate this issue go to the following website:
Got to the Patch availability section and download the jar file for the appropriate SDK/JRE level and platform. Place that file in a temporary directory (for example, java_fix_tempdir).
Go to the Verification section and download the ParseDoubleTest.jar file. It will be used to verify the existence of the vulnerability. Place the file in the same in temporary directory (i.e. java_fix_tempdir).
Download the IBM Update Installer (the link for it is provided within the same Patch availability section in the above URL). Unzip IBM Update Installer (to the java_fix_tempdir) and run the command as follows (from the java_fix_tempdir):
NOTE: Stop all services prior to applying fix!
For AIX and zLinux ITNM IP Edition run:
$NCHOME/platform/<arch>/jdk_1.5.0/bin/java -jar JavaUpdateInstaller.jar -install IZ94331_FIX_1.jar $NCHOME/platform/<arch>/jdk_1.5.0
For AIX and zLinux ITNM Entry Edition run:
$NCHOME/platform/<arch>/jdk_1.4.2/bin/java -jar JavaUpdateInstaller.jar -install PM31983_FIX_1.jar $NCHOME/platform/<arch>/jdk_1.4.2
For Windows,Solaris, and Linux use a SUN JDK not IBM. To remediate this version go to the following website
There is one .jar file which updates all affected Sun/Oracle JRE versions. Starting the jar with the Java binary from the affected JRE, patches the JRE.
For ITNM IP Edition run:
$NCHOME/platform/<arch>/jre_1.5.0/bin/java -jar fpupdater.jar -u -v.
For ITNM Entry Edition run:
$NCHOME/platform/<arch>/jre_1.4.2/bin/java -jar fpupdater.jar -u -v.
Where <arch> is solaris2, linux2x86, linux2s390, aix5, win32 or etc.
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.