IBM Support

IBM Tivoli Network Manager IP 3.9.0.4 Interim Fix 1, 3.9.0.4-TIV-ITNMIP-IF0001

Download


Abstract

Interim Fix 3.9.0.4-TIV-ITNMIP-IF0001 updates Fix Pack 4 for the CORE, Agent and GUI
components important securities and code fixes

Download Description

3.9.0.4-TIV-ITNMIP-CORE-IF0001-CORE, 3.9.0.4-TIV-ITNMIP-GUI-IF0001 and 3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-IF0001 are available as a separate install. They can be installed independently.
Note: Users must read attached readme files before proceeding with IF0001 install.
==========================================================================
3.9.0.4-TIV-ITNMIP-GUI-IF0001

This Interim Fix addresses Apache Struts ClassLoader advisory and Cross-Site Request Forgery (CSRF) in ITNM IP v3.9 Fix Pack 4.
It also bundles, based on ITNM 3.9 FP4 baseline, critical fixes affecting the GUI component of the ITNM product. The fixes included in this bundle are provided as a single solution therefore they cannot be uncoupled i.e they cannot be installed or removed individually.

A customer who wishes to upgrade TIP 2.2.0.15 should upgrade their installed applications in the following order:

    (1) From ITNM 3.9 Fix Pack 4 to ITNM 3.9 Fix Pack 4 Interim Fix 1
    (2) From Web GUI 7.4 to Web GUI 7.4 Fix Pack 3
    (3) From TIP 2.2.0.x to TIP 2.2.0.15
A customer who wishes to upgrade to the latest ITNM release, but does not wish to upgrade to TIP 2.2.0.15 at the present time: should upgrade from ITNM 3.9 Fix Pack 4 to ITNM 3.9 Fix Pack 4 Interim Fix 1. Subsequently customer can upgrade 2.2.0.15 at later time when required.
    List of GUI APARs addressed in IF0001:
    IV44515: ITNM 3.9 MIB GRAPH LOSES COLLECTED MIB DATA
    IV58749: MIBGRAPH GRAPH REFRESH INTERVAL SETTING DIDN'T UPDATE
    IV59835: Context is lost in structure tree panel on structure when TIP is restarted
    IV60742: LAYER 2 CONNECTIVITY IS MISSING IN SOME VIEWS
    IV60992: CORE AND GUI SET THE TIMESTAMPS INCONSISTENTLY RESULTING 0 NODES IN NETWORKVIEWS
    IV60422: NETWORK VIEWS URL DOES NOT WORKING AFTER RESTART TIP.
    IV61467: ITNM WEBTOOLS PROBLEM WITH IBM LB
    IV61701: MIB GRAPH IS NOT WORKING IN ITNM 3.9 FP4 | MDVREGR 3.9.0-TIV-ITNMIP-FP0004 |)
    IV61678: ERROR IN HEALTHVIEW (AEL) AS WELL AS EXCEPTION WHEN REGISTERING NETWORKVIEWTREE
    IV62920: NETWORK VIEW FILTERED VIEW FILTER IS INCORRECTLY PARSED
    IV61300: EVENTS DO NOT PROPAGATE CORRECTLY IN THE SSO SETUP FOR NOI
    IV63434: NETWORK VIEW EVENT FILTERED VIEW CONSTRUCTS WRONG TRANSIENT WEBTOP ENTITY FILTER
    IV65238 : GROUP AND USER NAME ATTIBUTE IN SECURITY FILTER DO NOT WORK

    Security APARs address in IF0001:
    IV61063: ITNM IS AFFECTED BY APACHE STRUTS 1.1 ADVISORIES
    Description: ITNM is impacted with Apache Struts ClassLoader security vulnerability.
    ITNM is using Apache Struts 1.1 which as listed in CVE-2014-0114 as impacted.
    http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html
    IV56239: Cross-Site Request Forgery (CSRF)
    Description: Application forms do not include tokens which can be used to verify the source of the POST request, exposing the application to Cross-Site Request Forgery (CSRF) attacks. For example, an attacker could embed malicious HTML or JavaScript code into an email or Web site to force a request that performs a sensitive transaction, which would execute without the user's knowledge.

    Updates to other Tivoli product support
    In addition to the other Tivoli products supported by Network Manager 3.9 Fix Pack 4, this interim fix also supports the following:
      OMNIbus 7.3.1 Fix Pack 10 and 7.4 Fix Pack 3
      WebGUI 7.4 Fix Pack 3 and 7.3.1 Fix Pack 7
      TIP 2.2.0.13 and 2.2.0.15 (required for Internet Explorer 11 and Firefox 31 ESR browser support)

    Updates to Java/JRE support
    In addition to the Java/JRE supported by Network Manager 3.9 Fix Pack 4, this interim fix also supports the following:
      Oracle JRE 1.7 update 71
      Oracle JRE 1.8 update 25

    Updates to browser support
    In addition to the browsers supported by Network Manager 3.9 Fix Pack 4, this interim fix also supports the following:
      Firefox 31 ESR
      Internet Explorer 11.
    Note: FireFox 31 ESR and Internet Explorer 11 require Tivoli Integrated Portal V2.2.0.15 and Tivoli Netcool/OMNIbus Web GUI V7.4.0.3.

    Known GUI IF0001 minor issues:
    • On Microsoft Internet Explorer 11, when the SNMP MIB Graph portlet is accessed from Network Availability, the browser will crash if you scroll through the poll definition list in the configuration panel using the mouse. This problem does not occur when the SNMP MIB Graph portlet is launched in context from another interface (such as the Hop View or network views).

    • Workaround: To avoid this problem, use the up and down arrow keys to navigate through the poll definition list; once these keys are used in a particular session, it is then possible to use the scrollbar again for the remainder of the current browser session.
    • AEL will failed to load popup window on IE 11 in WebGUI 7.4 FixPack 3 and TIP 2.2.0.15 environment.

    • Workaround: From the IE11 browser, go to Tools -> Compatibility View Settings -> add "ibm.com" into compatibility view and checked the "Display intranet sites in Compatibility view" and "Use Microsoft Compatibility lists" checkboxes.
      Clear browser cache then restart the IE11 browser.
    • Scrollbar missing on path views window

    • Workaround: User need to increase size of windows to scroll through path views.

    ===============================================================================================
    3.9.0.4-TIV-ITNMIP-CORE-IF0001
    This Interim Fix includes critical fixes affecting the poller and model components of the core product.

    List of Core/Poller APARs addressed in IF0001:
    IV60992: ITNM Core and ITNM GUI set the timestamps inconsistently resulting 0 nodes in network views.
    IV61404: When Poll policies contain interface filters an interface can be excluded if the definition of the interface in NCIM shows NULL for access IP address.
    IV62311: Poller issues alerts on interface who have become unmanaged by a discovery.
    IV60293: Poller can fail while performing IPV6 polling when the system does not support IPV6
    IV61266: After running for some time, ncp_config exits unexpectedly and creates a core file.
    IV63213: memory improvements for ncp_disco process
    IV62853: ncp_model hangs causing OQL queries to timeout and keeping further topology updates from being processed.
    IV57757: When using device filtering in ITNM Poller with filtering on "mainNodeDetails.colName" where colNames are substrings of one another the poller does not correctly parse the filter.
    IV67099: The monitorLastUpdate timestamp can get set incorrectly if the remote database server and core server time clocks are not synchronized.
    ==========================================================================================

    3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-IF0001

    This interim fix address OpenSSL vulnerabilities that exist in the OpenSSL library.

    Tivoli Network Manager IP Edition 3.9 Fixpack 4 added HTTPS support for three Perl Collectors.
    (Alcatel5620SamSoap collector, Alcatel5620SamSoapFindtoFile collector, and Alcatel5529IdmSoap collector ).

    OpenSSL 1.0.1j upgrade is required for user using Perl Collector in Secure Channel.
    OpenSSL 1.0.1j source package is downloadable from ftp://ftp.openssl.org/source/old/1.0.1/
    The source package requires the user to build it manually on ITNM server.
    OpenSSL 1.0.1j is mandatory if the user has Alcatel devices in his network and plans to use Alcatel Collector for discovery.

    To address recent OpenSSL advisories, these three Perl collectors have been updated to use TLS as the default cryptographic protocol for communicating with the source EMS.

    List of OpenSSL security fixes address in IF0001
    IV61480 - The current ALU SAM 5620 collectors uses CryptSSLeay Perl library, which is compiled against a vulnerable version of the OpenSSL package.

    Please review attached 3.9.0.4_README_CORE_OpenSSL_IF0001 file for the detail.

    NOTE: Windows image is not available at this time. Plan to release soon.

    Prerequisites

    IBM Tivoli Network Manager V3.9 and Fix Pack 4 must be installed before applying the Interim Fix 01. IBM Tivoli Network Manager IP Edition 3.9.0.4 is available at http://www-01.ibm.com/support/docview.wss?uid=swg24034724

    Installation Instructions

    Full details on installation prerequisites and installation steps for this Interim Fix can be found in attached readme files.

    NOTE:
    If upgrading an existing IBM Tivoli Network Manager (ITNM) 3.9 installation that is using Tivoli Integrated Portal (TIP) version 2.2.0.15, you will need the TIP FIT package. The TIP FIT package contains a TIP signature file used with TIP 2.2.0.15 Fix Packs.

    To obtain the TIP signature files, download them from Fix Central -->
    http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+Integrated+Portal&release=All&platform=All&function=all

    Please use the same user id that you used to install the product/fix pack to extract these and then run the fix pack installer.

    [{"INLabel":"3.9.0.4_README_CORE_IF0001","INLang":"English","INSize":"8622","INURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4_README_CORE_IF0001&product=ibm%2FTivoli%2FTivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch"},{"INLabel":"3.9.0.4_README_CORE_OpenSSL_IF0001","INLang":"English","INSize":"8622","INURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4_README_CORE_OpenSSL_IF0001&product=ibm%2FTivoli%2FTivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch"},{"INLabel":"3.9.0.4_README_GUI_IF0001","INLang":"English","INSize":"12576","INURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4_README_GUI_IF0001&product=ibm%2FTivoli%2FTivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch"},{"INLabel":"3.9.0.4_README_NLS_IF0001","INLang":"Language Independent","INSize":"81089","INURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4_README_NLS_IF0001&product=ibm%2FTivoli%2FTivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch"}]
    Off
    [{"DNLabel":"3.9.0.4-TIV-ITNMIP-GUI-Unix-IF0001","DNDate":"12 Dec 14","DNLang":"Language Independent","DNSize":"152020913","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-GUI-Unix-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"3.9.0.4-TIV-ITNMIP-GUI-Windows-IF0001","DNDate":"12 Dec 14","DNLang":"Language Independent","DNSize":"152003739","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-GUI-Windows-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"3.9.0.4-TIV-ITNMIP-AIX-CORE-IF0001","DNDate":"12 Dec 14","DNLang":"Language Independent","DNSize":"15859128","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-AIX-CORE-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"3.9.0.4-TIV-ITNMIP-Linux-CORE-IF0001","DNDate":"12 Dec 14","DNLang":"Language Independent","DNSize":"18688230","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-Linux-CORE-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"3.9.0.4-TIV-ITNMIP-Solaris-CORE-IF0001","DNDate":"12 Dec 14","DNLang":"Language Independent","DNSize":"12043928","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-Solaris-CORE-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"3.9.0.4-TIV-ITNMIP-Windows-CORE-IF0001","DNDate":"12 Dec 14","DNLang":"Language Independent","DNSize":"11576346","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-Windows-CORE-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"3.9.0.4-TIV-ITNMIP-zLinux-CORE-IF0001","DNDate":"12 Dec 14","DNLang":"Language Independent","DNSize":"18967079","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-zLinux-CORE-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-AIX-IF0001","DNDate":"12 Dec 14","DNLang":"Language Independent","DNSize":"790305","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-AIX-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-Linux-IF0001","DNDate":"12 Dec 14","DNLang":"Language Independent","DNSize":"724421","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-Linux-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-Solaris-IF0001","DNDate":"12 Dec 14","DNLang":"Language Independent","DNSize":"706401","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-Solaris-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-zLinux-IF0001","DNDate":"12 Dec 14","DNLang":"Language Independent","DNSize":"561616","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-zLinux-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null},{"DNLabel":"3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-Windows-IF0001","DNDate":"12 Jan 15","DNLang":"Language Independent","DNSize":"666457","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=3.9.0.4-TIV-ITNMIP-CORE-OpenSSL-Windows-IF0001&product=ibm/Tivoli/Tivoli%20Network%20Manager%20IP%20Edition&source=dbluesearch","DNURL_FTP":" ","DDURL":null}]
    [{"Product":{"code":"SSSHRK","label":"Tivoli Network Manager IP Edition"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"3.9","Edition":"FP4","Line of Business":{"code":"LOB45","label":"Automation"}}]

    Problems (APARS) fixed
    IV44515;IV58749;IV59835;IV60742;IV60992;IV60422;IV61467;IV61701;IV61678;IV62920;IV61300;IV63434;IV65238 ;IV60992;IV61404;IV62311;IV60293;IV61266;IV63213;IV62853;IV57757;IV67099;IV61063;IV56239;IV61480

    Document Information

    Modified date:
    15 June 2018

    UID

    swg24039027