IBM Unica Optimize 8.6.0 Fixes

Downloadable files


This page shows the fixes for IBM Unica Optimize.

Download Description

Product: Unica Optimize
Version: Fix Pack GA Release
Date: May 15, 2015

Important Notes

1. The OpenSSL library is upgraded to version 1.0.2a and SSLv3.0 support has been disabled to address the POODLE security vulnerability.

2. If SSL is already configured and you are applying Optimize FP, you must disable SSLv3.0 support on WebSphere or WebLogic by applying the required patch or configuration for the application server. For details, see Section III, Task 3 - SSL Configuration below.

**Without the application server patch or configuration, SSL will stop working.**

Security Fixes

1. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. More details are available in the upstream OpenSSL advisory.

POODLE affects older standards of encryption, specifically Secure Socket Layer (SSL) version 3. It does not affect the newer encryption mechanism known as Transport Layer Security (TLS).

For onwards SSLv3 is not supported. Now Campaign supports only TLSv1.0.

2. The OpenSSL library was upgraded to version 1.0.2a to disable RC4 to counter the RC4 Bar Mitzvah Attack for SSL/TLS vulnerability.

2.1 RC4 Bar Mitzvah Attack for SSL/TLS vulnerability:
Below is the summary of the RC4 Bar Mitzvah Attack for SSL/TLS vulnerability:

The Bar Mitzvah Attack exploits a previously known vulnerability in the RC4 component of the SSL/TLS communication protocols. This exploit allows the attacker to partially decrypt information sent between two computer systems across a network. This can be a serious security issue because RC4 reportedly protects as much as 30 percent of Internet SSL traffic and decrypted material may include passwords, credit card numbers, browser cookies, etc.

2.2 Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)

The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency, this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable, including OpenSSL clients and servers that enable client authentication.

2.3 Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)

A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare.

2.4 X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice.

IBM Campaign v8.6.0.10 uses the OpenSSL library only for communication between the web application server and the listener (analytical) server.
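
One way to confirm from the network side that an SSL endpoint you administer refuses SSLv3 and RC4-only handshakes after the fix pack and application server configuration are applied. This is an added example, not IBM tooling; the host and port arguments and all function names are assumptions, and the cipher suite IDs are the standard registry values.

```python
import os
import socket
import struct
import sys

SSL3, TLS10 = b"\x03\x00", b"\x03\x01"
RC4_SUITES = [0x0004, 0x0005]          # RSA_WITH_RC4_128_MD5, RSA_WITH_RC4_128_SHA
CBC_SUITES = [0x002F, 0x0035, 0x000A]  # RSA with AES-128, AES-256, 3DES (CBC, SHA)


def client_hello(version, suites):
    """Build a minimal, extension-less ClientHello record for `version`."""
    suite_bytes = b"".join(struct.pack(">H", s) for s in suites)
    body = (version + os.urandom(32) + b"\x00"      # version, random, empty session id
            + struct.pack(">H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00")                          # one compression method: null
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16" + version + struct.pack(">H", len(handshake)) + handshake


def classify(reply, offered):
    """Interpret the first bytes the server sent back."""
    if not reply or reply[0] == 0x15:
        return "refused"                            # closed connection or alert record
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:
        # ServerHello: server_version follows the 4-byte handshake header
        return "accepted" if reply[9:11] == offered else "unknown"
    return "unknown"


def probe(host, port, version, suites, timeout=5.0):
    """Send one ClientHello and report whether the server negotiates it."""
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(client_hello(version, suites))
            while len(reply) < 11 and reply[:1] != b"\x15":
                chunk = sock.recv(64)
                if not chunk:
                    break
                reply += chunk
    except ConnectionResetError:
        pass                                        # abrupt reset is treated as a refusal
    return classify(reply, version)


if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])
    # Expected on a correctly patched and configured endpoint: both "refused".
    print("SSLv3 handshake:   ", probe(host, port, SSL3, CBC_SUITES + RC4_SUITES))
    print("TLSv1.0, RC4 only: ", probe(host, port, TLS10, RC4_SUITES))
```

An "accepted" result for either probe means the endpoint still negotiates the protocol or cipher that this fix pack is meant to disable.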

List of Fixes:


Known Issues:

Unable to edit user fields on the Rule Definition page when a strategic segment is selected. To work around this issue, the user can use the keyboard tab to navigate to the user field and make the necessary changes.

Although this fix pack installer requests the user to perform Automatic or Manual Database Setup, no database schema update is required. The default setting can be used, and no manual database step is required to complete the installation.

Although there is no Database Schema update in this fix pack, the PreInstall Summary screen shows:
Optimize Database Setup Manual.
This can be ignored, and no manual step is required to complete installation.

Issues fixed in previous fix packs on 8.6.0, included in this release

Fix Pack

OpenSSL is vulnerable to a denial of service, caused by a memory leak when handling failed session ticket integrity checks. By sending an overly large number of invalid session tickets, an attacker could exploit this vulnerability to exhaust all available memory of an SSL/TLS or DTLS server.

Fix Pack

(APAR PO03086, DEF157537)
Unable to successfully schedule a run of an Optimize session that is located under subfolders. For example, Opt1 is an Optimize session located under "All Optimize Session > folder1 > folder2>". Due to the defect, a user was unable to schedule the Opt1 Optimize session. This is now fixed.

(APAR PO02766, DEF179084)
IBM Unica Optimize generates incorrect results when the same customerid is given offers on multiple channels and a set of "Never A with B" rules are defined, which are circular and mutually exclusive. This is observed in a very specific case. This is now fixed.

(PMR 180237, DEF180849)
An IBM Campaign error was displayed when a user added or removed an offer or segment to be displayed from the Optimize session summary page of a session that was or had been scheduled. This is now fixed.

Fix Pack

Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. There is partial impact to confidentiality, integrity, and availability. This is fixed.

Apache Commons FileUpload and Tomcat are vulnerable to a denial of service. This is fixed.

Fix Pack

Optimize returned incorrect results when FEC rules were configured with minimum constraints and the "over the time period" value was set to zero. This is fixed.

(APAR133897, DEF133898)
The calculated score matrix was ignored while an Optimization session was executed, and the results were incorrect. This was happening for a specific scenario. This is fixed.

Fix Pack

Generation Loop error should not terminate the Optimize session execution.
Solution: This fix allows the Generation loop error to be set to a non-fatal error. The change skips processing of the chunk for which the Generation Loop error occurs.

After applying this fix pack, follow these steps to configure the Generation Loop errors to be non-fatal.
- Edit ACOServer.bat
- Add the following line before the line "# OPTIMIZE_HOME: ..."
- Edit
- Add the following lines before the line "# OPTIMIZE_HOME: ..."

To make the Generation Loop error fatal again, comment out or delete the lines added above and restart the ACO listener. After making any changes to "" or "ACOServer.bat", always restart the ACO listener so that these changes take effect. Before restarting the ACO listener, ask all users to log out of Unica Optimize and stop all running sessions, and also make sure all ACO Server processes are stopped.

After making the Generation Loop error non-fatal, an ACO session run will no longer fail with the Generation Loop error. The ACO Session will skip processing of the problematic chunk which causes the Generation Loop error. It will also log customer IDs of customers in this skipped chunk in the ACO server log at logging levels HIGH and ALL. The ACO Reports do not explicitly reflect information about skipped customers because of this error. However, these customers will be shown as rejected in the summary line of the report. To find out the list of customers skipped, run the Optimize session with 'Enable Bailout Logging' set to true along with SKIP_CHUNK_ON_ERROR=GEN_LOOP_ERROR. After executing the session, analyze the ACO server log manually and find the list of skipped customer IDs in it by searching for the string "Skipped Customer IDs".

WRONG OUTPUT IN POA TABLE FOR CELLNAME FIELD: Inserting string values into the POA table did not show the correct cell name. When writing the cell name information from Campaign to the PCT table, everything looks correct. However, when looking at the POA table, the user field, which contains the cell name, shows one value incorrectly. This is fixed.

Optimize session names should not allow special characters. This is fixed. If the user enters any special character, they will get a validation error message and the session will not be saved.

Fix Pack

(APAR PO01184, DEF65143)
If the end user changes the DB2 system tables database user, it causes the Optimize session to fail. This is fixed.

Known issues:

Note: Release Notes from IBM Unica Optimize still apply to fix pack releases.

Although this fix pack installer requests the user to perform Automatic or Manual Database Setup, no database schema update is required. The default setting can be used, and no manual database step is required to complete the installation.

Although there is no Database Schema update in this fix pack, the PreInstall Summary screen shows:
Optimize Database Setup Manual.
This can be ignored, and no manual step is required to complete installation.

Fix Pack


Fix Pack

(APAR PO00424, DEF11540)
Optimize server crashed intermittently while processing the FEC Min/Max rule on AIX. This is fixed.

Fix Pack



Important! All installed IBM Unica products must be at the same fix pack level.

Base Product Version Dependency:
This fix pack requires IBM Unica Optimize 8.6.0 or any fix pack 8.6.0.x

Other Product Version Dependencies:
This fix pack requires IBM Unica Marketing Platform and IBM Unica Campaign at version

Installation Instructions

IBM Unica Optimize Fix Pack can be applied only over IBM Unica Optimize version or any Interim Fix provided on this release.

Installation Steps:

I. Task 1 - Before you begin:

  1. Ask all users to log out of the IBM Unica application and stop all running Optimize sessions. Make sure all ACO Server processes are stopped.
  2. Stop the IBM Unica Optimize listener process which was started with "" or "ACOServer.bat".
  3. Take a backup of or ACOOptAdmin.bat file located at <OPTIMIZE_HOME>/tools/bin directory.

II. Task 2 - IBM Unica Optimize Installer:
  1. Log in to the system, where IBM Unica Optimize is installed, as the same user who installed the original version of the product.
  2. Put the IBM Unica Installer and IBM Unica Optimize installer in the same directory.
  3. If you are executing the Fix Pack installer on AIX, run the "slibclean" command from a terminal before invoking the installer.
  4. Run the IBM Unica Installer and select IBM Unica Optimize to install.
  5. Select the directory in which all IBM Unica products are installed.
  6. Select the current IBM Unica Optimize installation directory as the install location if it is not selected automatically.

Note: If the Fix Pack installer cannot find the appropriate previously installed release, contact IBM Technical Support for assistance.

III. Task 3 - Restart IBM Unica Optimize listener:
  1. Start the IBM Unica Optimize listener process with "" or "ACOServer.bat".
  2. Confirm that the version information for this installation of IBM Unica Optimize is The version can be confirmed:
      • from the version.txt file in Optimize Home directory
      • in the About Page inside the IBM Unica Campaign application after applying the Fix Pack
  3. Update or ACOOptAdmin.bat file located at <OPTIMIZE_HOME>/tools/bin with the earlier settings from the Original file.

Download package

Fix pack installers:

    IBM Unica Optimize:

    IBM Unica Installer:

Files Included in Fix Pack Installers:
    Unix and Windows:
    1. Contents of $OPTIMIZE_HOME/bin directory except following files:

    For Windows:
    ACOServer.bat/, xpauth.xpr, xprl.dll, xprs.dll

    For Unix:, xpauth.xpr,*

    2. $OPTIMIZE_HOME/conf/optimize_subcomponent_version.xml

    3. Contents of $OPTIMIZE_HOME/tools directory

    Note: $OPTIMIZE_HOME is the fully qualified path to the IBM Unica Optimize home directory.

Document information

More support for:

IBM Contact Optimization

Software version:


Operating system(s):

AIX, Linux, Solaris, Windows

Reference #:


Modified date:

