How to download interim fixes to patch IBM JRE CVEs

Question

A security bulletin indicates that you need to install an interim fix to patch the T6 JRE (Java Runtime Environment). How do you download this interim fix?

Answer

IBM Security Bulletins list Common Vulnerabilities and Exposures (CVE) that need to be fixed in the JRE used by the T6 agent to run scripts.

These bulletins refer to a specific interim fix that you need to install, such as 7.4.0.0-TIV-CAMRT-IF0016.

You download these interim fixes from IBM Fix Central:

<http://www.ibm.com/support/fixcentral/&gt;

When you try to identify the interim fixes for a particular version, such as V7.4, Fix Central is not able to find the fixes.

Use the following procedure to search for these interim fixes:

1. Instead of identifying a specific version in theInstalled Version entry, selectAll.

2) Select Browse for fixes.

3) Wait for Fix Central to prepare a list.

4. Select the interim fix from the list.

Searching for Security Bulletins

You should be receiving security bulletins if you have registered for notifications on the IBM Support Portal. Security bulletins have titles like the following:

Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)

To search for RRT security updates, google a search topic like:

IBM RRT security updates for JRE(S)

You can also browse the IBM Support Portal (https://www.ibm.com/support/entry/portal). Here, you can search for updates and products, review your support programs, and submit service requests.

If you have not already registered for notifications, click the Support notifications link and follow the instructions.

Related Information

National Vulnerability Database (NVD)

Which CVEs are included in a JRE version

[{“Product”:{“code”:“SS5MD2”,“label”:“Tivoli Composite Application Manager for Transactions”},“Business Unit”:{“code”:“BU053”,“label”:“Cloud & Data Platform”},“Component”:“ITCAM TRANSACT RRT 5724S79RR v710”,“Platform”:[{“code”:“PF002”,“label”:“AIX”},{“code”:“PF016”,“label”:“Linux”},{“code”:“PF033”,“label”:“Windows”}],“Version”:“7.4”,“Edition”:“”,“Line of Business”:{“code”:“LOB45”,“label”:“Automation”}}]

Historical Number

28256.442.000

Product Synonym

ITCAMfT