Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - April 2021 CPU (CVE-2021-2163)

Summary

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by v4.1.0.4 to 4.1.0.7 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in April 2021.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Remediation/Fixes

The recommended solution is to apply the corresponding fix to IBM Tivoli System Automation for Multiplatforms. To select the fix you need to apply in your environment, click on ‘Download link’ in the table below.

• If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.4, please apply interim fix “4.1.0.4-TIV-ITSAMP-<OS>-IF0017” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.4.
• If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.5, please apply interim fix “4.1.0.5-TIV-ITSAMP-<OS>-IF0011” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.5.
• If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.6, please apply interim fix “4.1.0.6-TIV-ITSAMP-<OS>-IF0006” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.6.
• If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.7, please apply interim fix “4.1.0.7-TIV-ITSAMP-<OS>-IF0004” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.7.

Workarounds and Mitigations

None