4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
Public disclosed vulnerability (CVE-2018-5382) from Bouncy Castle fix was addressed by Platform HPC
Data not yet populated
Platform HPC Version 4.1.1, 4.1.1.1, 4.2.0 and 4.2.1
None.
<Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
_Platform HPC _| 4.1.1, 4.1.1.1, 4.2.0, 4.2.1| None| See details below
Platform HPC 4.1.x and 4.2.x
1. Download Bouncy Castle jar file bcprov-jdk15on-159.jar from the following location http://www.bouncycastle.org/latest_releases.html
2. Copy the jar file into the management node. If high availability is enabled, copy the jar file to stand-by management node, as well.
3. If high availability is enabled, shutdown stand-by management node to avoid triggering high availability.
4. On the management node, stop GUI and PERF services
HA disabled:
HA enabled:
5. On management node, replace the old jar file with new one.
6. On management node, start GUI and PERF services
HA disabled:
HA enabled:
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum cluster foundation | eq | 4.1.0 | |
ibm spectrum cluster foundation | eq | 4.1.1 | |
ibm spectrum cluster foundation | eq | 4.2 |
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N