Readme File for IBM® Spectrum
Symphony 7.2.0.2 Interim Fix 493099
Readme
File for: IBM Spectrum Symphony
Product Release: 7.2.0.2
Update Name: Interim Fix 493099
Fix ID: sym-7.2.0.2_x86_64-build493099
Publication Date: June 14, 2018
This
interim fix resolves the vertical authorization bypass vulnerability on the Symping page in IBM Spectrum Symphony 7.2.0.2.
Contents
1.
List of fixes
2.
Download location
3.
Product and components affected
4.
Installation and configuration
5.
Uninstallation
6.
List of files
7. Copyright and trademark information
1.
List of fixes
APAR: P102505
2.
Download location
Download interim
fix 493099 from the following location: https://www.ibm.com/eserver/support/fixes/
3.
Product and components affected
Component name, Platform, Fix ID:
PMC, Linux x86_64,
sym-7.2.0.2_x86_64-build493099
4.
Installation and configuration
Follow the instructions in this
section to download and install this interim fix in your cluster.
System requirements
Linux x86_64
Before installation
1.
Log on to the master host as the
cluster administrator and stop the WEBGUI service:
$ egosh user logon -u Admin -x Admin
$ egosh service stop WEBGUI
2. For recovery purposes, back up the following files:
$ cd $EGO_TOP
$ tar -cvf backup.tar gui/conf/useracl/permission_GUIPermissionSoam.acl
$ tar -uf backup.tar gui/3.6/lib/commons-ego.jar
3. Download
the sym-7.2.0.2_x86_64-build493099.tar.gz
file.
Installation
1. Log on to any management and compute host in
your cluster as the cluster administrator and decompress the sym-7.2.0.2_x86_64-build493099.tar.gz file to the top-level installation directory.
For example, enter:
$ tar
zxfo sym-7.2.0.2_x86_64-build493099.tar.gz -C
$EGO_TOP/
2. Copy the permission_GUIPermissionSoam.acl file to your shared directory:
$ cp
$EGO_TOP/gui/conf/useracl/permission_GUIPermissionSoam.acl $EGO_CONFDIR/../../gui/conf/useracl/
3. Delete
all subdirectories and files from the following directories:
$
rm -rf $EGO_TOP/gui/work/*
$
rm -rf $EGO_TOP/gui/workarea/*
$
rm -rf $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/*
4. Clear your
browser cache.
5. Start the
WEBGUI service:
$ egosh service start WEBGUI
5.
Uninstallation
If required, follow the instructions
in this section to uninstall this interim fix from your cluster.
1.
Log on to the master host as the
cluster administrator and stop the WEBGUI service:
$ egosh user
logon -u Admin -x Admin
$ egosh
service stop WEBGUI
2.
Log on to any management host in the cluster and restore your
backup:
$ cd $EGO_TOP
$ tar -xvf backup.tar
3.
Copy the permission_GUIPermissionSoam.acl backup file to your shared directory:
$ cp
$EGO_TOP/gui/conf/useracl/permission_GUIPermissionSoam.acl $EGO_CONFDIR/../../gui/conf/useracl/
4.
Delete all subdirectories and files
from the following directories:
$
rm -rf $EGO_TOP/gui/work/*
$ rm -rf $EGO_TOP/gui/workarea/*
$ rm -rf $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/*
5.
Clear your browser cache.
6.
Start the WEBGUI service:
$ egosh service
start WEBGUI
6.
List of files
gui/3.6/lib/commons-ego.jar
gui/conf/useracl/permission_GUIPermissionSoam.acl
7.
Copyright and trademark
information
© Copyright IBM
Corporation 2018
U.S. Government
Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP
Schedule Contract with IBM Corp.
IBM®, the IBM
logo, and ibm.com® are trademarks of International Business Machines Corp.,
registered in many jurisdictions worldwide. Other product and service names
might be trademarks of IBM or other companies. A current list of IBM trademarks
is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.