IBM Support

Java parseDouble vulnerability

Flash (Alert)


Tivoli Configuration Manager Java parseDouble vulnerability


The Tivoli Configuration Manager Software Package Editor component is impacted by the "Denial of Service Security Exposure with Java JRE/JDK hanging when converting 2.2250738585072012e-308 number (CVE-2010-4476) (PM32387)".
The Tivoli Configuration Manager versions affected are:

  • Version 4.2.3 with JVM 1.3.1
  • Version 4.3.1 with JVM 1.4.2

For more details about this issue, see the following technotes:

1) WebSphere Application Server technote:

2) Java technote:

The Support Team changed the Software Package Editor code so that it no longer invokes the affected Java API parseDouble().

The fix will be available in:
- 4.3.1-TIV-TCM-FP0003 (GA date 2Q 2011)
- 4.2.3-TIV-TCM-FP0012 (GA date 3Q 2011)

If you need fixes before the GA dates, please contact the Support Team, which will provide Interim Fixes or LAs on top of your Tivoli Configuration Manager level.
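
Where other code still has to convert untrusted text to a double, an input guard can keep the value named above, in any of its spellings, away from Double.parseDouble(). The following is an added example, not IBM's fix and not code from Tivoli Configuration Manager; the class name SafeDoubleParser, the 1e-300 floor and the 64-character cap are assumptions, and it is written against a current JDK.

```java
import java.math.BigDecimal;

// Added example, not IBM's fix: refuse to hand denormal-range text to Double.parseDouble().
public final class SafeDoubleParser {
    // Assumed application policy: non-zero magnitudes below this floor are never needed.
    // The floor sits well above the value named in CVE-2010-4476 (about 2.2e-308).
    private static final BigDecimal MIN_MAGNITUDE = new BigDecimal("1e-300");
    // Assumed cap on input length, so oversized strings are rejected before any parsing.
    private static final int MAX_LENGTH = 64;

    private SafeDoubleParser() {}

    public static double parse(String text) {
        if (text == null) {
            throw new NumberFormatException("null input");
        }
        String s = text.trim();
        if (s.isEmpty() || s.length() > MAX_LENGTH) {
            throw new NumberFormatException("empty or oversized numeric input");
        }
        // BigDecimal reads the decimal text exactly, with no binary floating-point
        // conversion, so the magnitude can be checked before parseDouble() sees it.
        BigDecimal exact = new BigDecimal(s); // NumberFormatException on bad syntax
        if (exact.signum() != 0 && exact.abs().compareTo(MIN_MAGNITUDE) < 0) {
            throw new NumberFormatException("magnitude below supported range");
        }
        return Double.parseDouble(s);
    }

    public static void main(String[] args) {
        String[] samples = {                  // constructed inputs
            "3.14", "-1e-10", "0",            // accepted
            "2.2250738585072012e-308",        // value from the advisory
            "0.00022250738585072012e-304",    // same value, shifted decimal point
            "22250738585072012e-324",         // same value, integer mantissa
            "abc"                             // not a number
        };
        for (String sample : samples) {
            try {
                System.out.println(sample + " -> " + parse(sample));
            } catch (NumberFormatException e) {
                System.out.println(sample + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

The guard is stricter than Double.parseDouble(): it also rejects "NaN", "Infinity", hexadecimal literals and type suffixes such as "1.0d", because BigDecimal does not accept them.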

Document information

More support for: Tivoli Configuration Manager
IBM Tivoli Configuration Manager

Software version: 4.2.3, 4.3.1

Operating system(s): Platform Independent

Reference #: 1469229

Modified date: 07 March 2011
