IBM Support

IZ85351: CATEGORY I SECURITY FINDING FOR ITM SUPPLIED JAVA

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The customer has a Category I security finding for the version
    of Java that installs with the ITM Installer and components.
    This vulnerability will require the customer to remove all
    traces of the ITM components from their environment until the
    issues is resolved.
    
    
    RECREATE INSTRUCTIONS:
    
    
    On Windows:
    Install 06.22.01.00
    Run the command
    C:\IBM\ITM\java\java50\jre\bin\java.exe -fullversion
    Notice that the version is not the same or higher as the
    following:
    java full version "J2RE 1.5.0 IBM .... (SR12 FP1)"
    
    
    On Unix:
    
    Install 06.22.01.00
    Run the command
    $CANDLEHOME/JRE/*/bin/java -fullversion
    Notice that the version is not the same or higher than the
    following:
    java full version "J2RE 1.5.0 ..... (SR12 FP1)"
    

Local fix

  • M/A
    

Problem summary

  • Security audit failure with current version of IBM Tivoli
    Monitoring supplied Java.
    
    The version of Java that installs with the IBM Tivoli Monitoring
    installer and components contains a Category I security issue.
    The IBM Tivoli Monitoring supplied Java has been uplifted to 1.5
    SR12 FP1 which resolves the security audit failure.
    

Problem conclusion

  • Uplifted the IBM Tivoli Monitoring supplied Java to 1.5 SR12 FP1
    which resolves the security audit failure.
    
    
    The fix for this APAR is contained in the following maintenance
    packages:
    
      | fix pack | 6.2.2-TIV-ITM-FP0004
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ85351

  • Reported component name

    OMEG DIST INSTA

  • Reported component ID

    5608A41CI

  • Reported release

    622

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-09-21

  • Closed date

    2011-03-18

  • Last modified date

    2011-04-06

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    OMEG DIST INSTA

  • Fixed component ID

    5608A41CI

Applicable component levels

  • R622 PSY

       UP

[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"622"}]

Document Information

Modified date:
30 December 2022