Java Security Vulnerability Alert (parseDouble vulnerability) - Information for IBM Tivoli Network Manager Entry/IP Edition 3.7.

This affects all shipped versions of IBM Tivoli Network Manager 3.7 at all support levels.

To remediate this issue go to the following website:
http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html

Got to the Patch availability section and download the jar file for the appropriate SDK/JRE level and platform. Place that file in a temporary directory (for example, java_fix_tempdir).

Go to the Verification section and download the ParseDoubleTest.jar file. It will be used to verify the existence of the vulnerability. Place the file in the same in temporary directory (i.e. java_fix_tempdir).

Download the IBM Update Installer (the link for it is provided within the same Patch availability section in the above URL). Unzip IBM Update Installer (to the java_fix_tempdir) and run the command as follows (from the java_fix_tempdir):
NOTE: Stop all services prior to applying fix!

For AIX and zLinux ITNM IP Edition run:
$NCHOME/platform/<arch>/jdk_1.5.0/bin/java -jar JavaUpdateInstaller.jar -install IZ94331_FIX_1.jar $NCHOME/platform/<arch>/jdk_1.5.0

For AIX and zLinux ITNM Entry Edition run:
$NCHOME/platform/<arch>/jdk_1.4.2/bin/java -jar JavaUpdateInstaller.jar -install PM31983_FIX_1.jar $NCHOME/platform/<arch>/jdk_1.4.2

For Windows,Solaris, and Linux use a SUN JDK not IBM. To remediate this version go to the following website
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

There is one .jar file which updates all affected Sun/Oracle JRE versions. Starting the jar with the Java binary from the affected JRE, patches the JRE.

For ITNM IP Edition run:
$NCHOME/platform/<arch>/jre_1.5.0/bin/java -jar fpupdater.jar -u -v.

For ITNM Entry Edition run:
$NCHOME/platform/<arch>/jre_1.4.2/bin/java -jar fpupdater.jar -u -v.


Where <arch> is solaris2, linux2x86, linux2s390, aix5, win32 or etc.