Flash (Alert)
Abstract
Tivoli Configuration Manager Java parseDouble vulnerability
Content
The Tivoli Configuration Manager Software Package Editor component is impacted by the "Denial of Service Security Exposure with Java JRE/JDK hanging when converting 2.2250738585072012e-308 number (CVE-2010-4476) (PM32387)".
The Tivoli Configuration Manager versions affected are:
- Version 4.2.3 with JVM 1.3.1
- Version 4.3.1 with JVM 1.4.2
For more details about this issue, see the following technotes:
1) WebSphere Application Server technote:
http://www-01.ibm.com/support/docview.wss?uid=swg21462019#solution_dist
2) Java technote:
http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html
The Support Team changed the Software Package Editor code so that it no longer invokes the affected Java API, parseDouble().
The fix will be available in:
- 4.3.1-TIV-TCM-FP0003 (GA date 2Q 2011)
- 4.2.3-TIV-TCM-FP0012 (GA date 3Q 2011)
If you need fixes before the GA dates, contact the Support Team, who will provide Interim Fixes or LAs on top of your Tivoli Configuration Manager level.
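One way to keep untrusted numeric text from reaching parseDouble() unchecked, shown as an added example that is not IBM's Software Package Editor fix. It assumes a current JDK; the class name GuardedDecimal, the 64-character limit and the refused band around the CVE-2010-4476 value are choices made for this illustration.

```java
import java.math.BigDecimal;

/** Added example (not IBM code): checks decimal text exactly before Double.parseDouble() sees it. */
public final class GuardedDecimal {
    // Assumption: a deliberately wide band around the value named in CVE-2010-4476.
    // Any input whose magnitude falls inside it is refused instead of being converted.
    private static final BigDecimal BAND_LOW  = new BigDecimal("2.2250738585072008e-308");
    private static final BigDecimal BAND_HIGH = new BigDecimal("2.2250738585072016e-308");
    private static final int MAX_LEN = 64; // constructed limit on the size of a numeric field

    private GuardedDecimal() {}

    /** Parses with BigDecimal(String), which stores an integer digit string plus a scale. */
    static BigDecimal parseExact(String text) {
        if (text == null || text.length() > MAX_LEN) {
            throw new NumberFormatException("missing or oversized numeric field");
        }
        return new BigDecimal(text.trim());
    }

    /** True when |value| lies in the refused band, however the digits were written. */
    static boolean inRefusedBand(BigDecimal value) {
        BigDecimal magnitude = value.abs();
        return magnitude.compareTo(BAND_LOW) >= 0 && magnitude.compareTo(BAND_HIGH) <= 0;
    }

    /** Converts to double only after the exact value has been checked. */
    static double toDouble(String text) {
        BigDecimal exact = parseExact(text);
        if (inRefusedBand(exact)) {
            throw new NumberFormatException("value refused: too close to 2.2250738585072012e-308");
        }
        return Double.parseDouble(exact.toString());
    }

    public static void main(String[] args) {
        // Constructed inputs: the advisory's value, the same value rescaled, and ordinary fields.
        String[] samples = {"2.2250738585072012e-308", "0.00022250738585072012e-304",
                            "-22.250738585072012E-309", "1.5", "1e-300", "not-a-number"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + toDouble(s));
            } catch (NumberFormatException e) {
                System.out.println(s + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Comparing the exact BigDecimal value rather than matching the input string catches the same number written with a shifted decimal point, a different exponent or a sign.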