Summary

Public disclosed vulnerability (CVE-2018-5382) from Bouncy Castle fix was addressed by Platform PCM

Vulnerability Details

Data not yet populated.

Affected Products and Versions

Platform Cluster Manager Standard Edition Version 4.1.0, 4.1.1 and 4.1.1.1
Platform Cluster Manager Version 4.2.0, 4.2.0.1, 4.2.0.2 and 4.2.1

Remediation/Fixes

None.

Workarounds and Mitigations

<Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
Platform Cluster Manager Standard Edition| 4.1.0, 4.1.1, 4.1.1.1, 4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1| None| See details below
Platform Cluster Manager Advanced Edition| 4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1| None| See details below

Platform Cluster Manager 4.1.x and 4.2.x

1. Download Bouncy Castle jar file bcprov-jdk15on-159.jar from the following location http://www.bouncycastle.org/latest_releases.html

2. Copy the jar file into the management node. If high availability is enabled, copy the jar file to stand-by management node, as well.

3. If high availability is enabled, shutdown stand-by management node to avoid triggering high availability.

4. On the management node, stop GUI and PERF services

HA disabled:

pmcadmin stop

perfadmin stop all

HA enabled:

egosh user logon -u Admin -x Admin

egosh service stop all

5. On management node, replace the old jar file with new one.

6. On management node, start GUI and PERF services

HA disabled:

pmcadmin start

perfadmin start all

HA enabled:

egosh user logon -u Admin -x Admin

egosh service start all