Readme File for IBM® Spectrum
Symphony 7.1.2 and IBM Spectrum Conductor with Spark 2.2.1 Interim Fix 525092
Readme
File for: IBM Spectrum Symphony and IBM Spectrum Conductor
with Spark
Product Release: 7.1.2 and 2.2.1
Update Name: Interim Fix 525092
Fix ID: sym-7.1.2-cws-2.2.1_x86_64-build525092
Publication Date: August 7, 2019
This interim fix provides the cumulative patch for a
cluster with IBM Spectrum Symphony 7.1.2 and IBM Spectrum Conductor with Spark
2.2.1 installed:
•
Vertical Authorization Bypass on perfguiv5
•
Path Traversal Leads to Arbitrary XML Files
Override on perfguiv5
Contents
1.
List of fixes
2.
Download location
3.
Product and components affected
4.
Installation and configuration
5.
Uninstallation
6.
List of files
7.
Product notifications
8.
Copyright and trademark information
1.
List
of fixes
APAR: P103117
2.
Download
location
Download interim
fix 525092 from the following location: https://www.ibm.com/eserver/support/fixes/
3.
Product
and components affected
Component name, Platform, Fix ID:
PMC/REST, Linux
x86_64, sym-7.1.2-cws-2.2.1_x86_64-build525092
4.
Installation
and configuration
Follow the instructions in this section
to download and install this interim fix to your cluster.
Prerequisites
Linux x86_64
Installation
1.
Log on to the master host as the cluster
administrator and stop the WEBGUI and REST services:
> egosh user
logon -u Admin -x Admin
> egosh service
stop WEBGUI REST
2. For
recovery purposes, back up the following files, which will be replaced by this
interim fix, for example:
> cd $EGO_TOP
> tar -cvf
backup.tar
wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/ReportRootRestResource.class
> tar -uf
backup.tar
wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/CustomReportRestResource.class
> tar -uf
backup.tar
wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/StandardReportRestResource.class
> tar -uf
backup.tar gui/3.6/lib/rest-ego-3.6.0.jar
> tar -uf
backup.tar wlp/usr/shared/resources/rest/3.6/rest-ego-3.6.0.jar
3. On
each management host, download the sym-7.1.2.0-cws-2.2.1.0_x86_64-build525092.tar.gz
package
and extract its contents to the $EGO_TOP installation
directory:
> tar zxfo
sym-7.1.2.0-cws-2.2.1.0_x86_64-build525092.tar.gz -C $EGO_TOP/
4.
Delete all subdirectories and files from the
following directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
> rm -rf $EGO_TOP/kernel/rest/workarea/*
> rm –rf $WLP_OUTPUT_DIR/<webgui_hostname>/gui/workarea/*
5. Clear your browser cache.
6.
From the master host, start the WEBGUI and REST services:
> egosh
service start WEBGUI REST
5.
Uninstallation
If required, follow the instructions
in this section to uninstall this interim fix from your cluster.
1.
Log on to the master host as
the cluster administrator and stop the WEBGUI and
REST services:
> egosh user
logon -u Admin -x Admin
> egosh service
stop WEBGUI REST
2.
Log on to each management host
in the cluster and restore the following files from your backup:
> cd
$EGO_TOP
> tar -xvf backup.tar
3.
Delete all subdirectories and
files from the following directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
> rm -rf $EGO_TOP/kernel/rest/workarea/*
> rm –rf $WLP_OUTPUT_DIR/<webgui_hostname>/gui/workarea/*
4.
Clear
your browser cache.
5.
From the master host, start the WEBGUI and REST services:
> egosh service
start WEBGUI REST
6.
List
of files
wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/ReportRootRestResource.class
wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/CustomReportRestResource.class
wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/StandardReportRestResource.class
gui/3.6/lib/rest-ego-3.6.0.jar
wlp/usr/shared/resources/rest/3.6/rest-ego-3.6.0.jar
7.
Product
notifications
To receive
information about product solution and patch updates automatically, subscribe
to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/
on the IBM Support website (http://support.ibm.com). You can edit your
subscription settings to choose the types of information you want to get
notification about, for example, security bulletins, fixes, troubleshooting,
and product enhancements or documentation changes.
8.
Copyright
and trademark information
© Copyright IBM
Corporation 2019
U.S. Government
Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP
Schedule Contract with IBM Corp.
IBM®, the IBM
logo, and ibm.com® are trademarks of International Business Machines Corp.,
registered in many jurisdictions worldwide. Other product and service names
might be trademarks of IBM or other companies. A current list of IBM trademarks
is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.