Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Manager (CVE-2023-30441).

Summary

A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8.0.7.0 - 8.0.7.11, which is used by IBM Tivoli Network Manager IP Edition v4.2.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Remediation/Fixes

To update the Java Runtime Environment (JRE), complete the following steps.

1. Locate the appropriate IBM JRE for your operating system on the IBM Fix Central website.

AIX: IBM Java 8.0.7.15 for AIX

Linux: IBM Java 8.0.7.15 for 64-bit Linux

zLinux: IBM Java 8.0.7.15 for Linux for z/OS

2. Download version 8.0.7.15 in archive, not binary, format and install it as per following steps.

3. Back up the directory $NCHOME/precision/jre.

4. Stop all running processes of the Network Manager Core Components and Apache Storm by using the itnm_stop command.

5. Delete the contents of the $NCHOME/precision/jre/bin and $NCHOME/precision/jre/lib directory.

6. Copy the contents of the bin and lib directories from the JRE that you installed in step 2 to $NCHOME/precision/jre/bin and $NCHOME/precision/jre/lib, respectively.

7. Restart the Network Manager Core Components and Apache Storm by using the itnm_start command. To upgrade or rollback the Network Manager Core Components, restore the backup that you made in step 3. Perform the upgrade or rollback, then perform steps 4 to 7 again.2

Workarounds and Mitigations

None