History: Dec 14, 2023 - 5:30 p.m.

Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights

2023-12-14 17:30:11
www.ibm.com
Tags: ibm operations analytics predictive insights, apache activemq, vulnerability, kinsing malware, linux systems, ifix7, fixpack 20, jazzsm 1.1.3, remediation, fixcentral

CVSS3: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

AI Score: 6.6 Medium (Confidence: Low)

EPSS: 0.964 High (Percentile: 99.6%)

Summary

IBM Operations Analytics Predictive Insights uses Apache ActiveMQ software as a core module in processing analytics data. The vulnerability (CVE-2023-46604) found in Apache ActiveMQ could be exploited to download the Kinsing malware and infect Linux systems with it. This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Operations Analytics Predictive Insights | 1.3.6 |

Remediation/Fixes

See the following link for details of the vulnerability addressed by this procedure.
<https://activemq.apache.org/news/cve-2023-46604>

Step One: If not applied already, apply Predictive Insights 1.3.6 Interim Fix 7

Note: Installation of iFix 7 is a requirement. iFix 7 can be found in IBM FixCentral: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics±+Predictive+Insights&release=1.3.6

Step Two: Apply the required FixPack 20 on JazzSM 1.1.3

JazzSM 1.1.3.20 can be found in IBM Fix Central here: https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=fixId&fixids=1.1.3-TIV-JazzSM-multi-FP020&includeRequisites=1&includeSupersedes=0&downloadMethod=http

_Please consider the following supporting README doc file: <https://www.ibm.com/support/pages/node/7083923>_

Step Three: Copy the latest version of Apache ActiveMQ jar files from JazzSM FP20 to the Predictive Insights UI server profile /lib directory.

A. Stop Predictive Insights UI server: /home/scadmin/IBM/scanalytics/UI/bin/pi.sh -stop

B. Copy activemq jars from JazzSM FP20 install to Predictive Insights piserver Liberty profile:

cp /opt/IBM/JazzSM/profile/installedApps/JazzSMNode01Cell/isc.ear/activemq-all-5.16.7.jar /opt/IBM/scanalytics/UI/wlp/usr/servers/piserver/apps/com.ibm.tivoli.rest.ear/lib/

cp /opt/IBM/JazzSM/profile/installedApps/JazzSMNode01Cell/isc.ear/activemq-web-5.16.7.jar /opt/IBM/scanalytics/UI/wlp/usr/servers/piserver/apps/com.ibm.tivoli.rest.ear/lib/

C. Remove (/move) the older versions:

mv /opt/IBM/scanalytics/UI/wlp/usr/servers/piserver/apps/com.ibm.tivoli.rest.ear/lib/activemq-all-5.16.4.jar ~/

mv /opt/IBM/scanalytics/UI/wlp/usr/servers/piserver/apps/com.ibm.tivoli.rest.ear/lib/activemq-web-5.16.4.jar ~/

D. Start the Predictive Insights UI server: /opt/IBM/scanalytics/UI/bin/pi.sh -start --clean

Done
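A check for Step Three, added here as an example and not part of IBM's bulletin: it lists every activemq-*.jar in a lib directory and flags any that is older than the CVE-2023-46604 fixed release of its branch, which catches a 5.16.4 jar left behind beside the new 5.16.7 one. The function names are hypothetical; 5.16.7 is the version this bulletin installs, while the fixed releases for the other branches are taken from the Apache advisory linked above and are not stated on this page. It assumes GNU `sort -V`.

```bash
#!/usr/bin/env bash
# Added example (not IBM's code): audit a lib directory for ActiveMQ jars
# older than the CVE-2023-46604 fixed release of their branch.

# Fixed release per branch. 5.16.7 comes from this bulletin; the other
# values are assumptions taken from the Apache advisory for CVE-2023-46604.
fixed_for_branch() {
  case "$1" in
    5.15) echo 5.15.16 ;;
    5.16) echo 5.16.7 ;;
    5.17) echo 5.17.6 ;;
    5.18) echo 5.18.3 ;;
    *)    echo "" ;;   # unknown branch: reported for manual review
  esac
}

# version_lt A B: true when A sorts strictly before B in version order.
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# audit_activemq_jars DIR: prints one line per jar found; returns 1 if any
# jar is vulnerable or cannot be classified, 0 otherwise.
audit_activemq_jars() {
  local dir="$1" rc=0 jar name ver branch fixed
  for jar in "$dir"/activemq-*.jar; do
    [ -e "$jar" ] || continue          # glob matched nothing
    name=$(basename "$jar" .jar)       # e.g. activemq-all-5.16.4
    ver=${name##*-}                    # e.g. 5.16.4
    branch=${ver%.*}                   # e.g. 5.16
    fixed=$(fixed_for_branch "$branch")
    if [ -z "$fixed" ]; then
      echo "REVIEW     $name (no fixed release known for branch $branch)"
      rc=1
    elif version_lt "$ver" "$fixed"; then
      echo "VULNERABLE $name (< $fixed)"
      rc=1
    else
      echo "OK         $name"
    fi
  done
  return $rc
}
```

Call `audit_activemq_jars` on the `com.ibm.tivoli.rest.ear/lib` directory from step B before restarting the UI server in step D; a non-zero return means an old jar is still on the classpath.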

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm operations_analytics_predictive_insights, match 1.3.6
