Readme File for IBM® Spectrum Symphony 7.1.2 and IBM Spectrum Conductor with Spark 2.2.1 Interim Fix 525092

Readme File for: IBM Spectrum Symphony and IBM Spectrum Conductor with Spark

Product Release: 7.1.2 and 2.2.1

Update Name: Interim Fix 525092

Fix ID: sym-7.1.2-cws-2.2.1_x86_64-build525092

Publication Date: August 7, 2019

This interim fix provides the cumulative patch for the following issues in a cluster with IBM Spectrum Symphony 7.1.2 and IBM Spectrum Conductor with Spark 2.2.1 installed:

        Vertical Authorization Bypass on perfguiv5

        Path Traversal Leads to Arbitrary XML Files Override on perfguiv5


Contents

1. List of fixes

2. Download location

3. Product and components affected

4. Installation and configuration

5. Uninstallation

6. List of files

7. Product notifications

8. Copyright and trademark information

1.    List of fixes

APAR: P103117

2.    Download location

Download interim fix 525092 from the following location: https://www.ibm.com/eserver/support/fixes/

3.    Product and components affected

Component name, Platform, Fix ID:

PMC/REST, Linux x86_64, sym-7.1.2-cws-2.2.1_x86_64-build525092

4.    Installation and configuration

Follow the instructions in this section to download and install this interim fix to your cluster.

Prerequisites

Linux x86_64

Installation

1.      Log on to the master host as the cluster administrator and stop the WEBGUI and REST services:

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI REST

2.      For recovery purposes, back up the following files, which this interim fix replaces. For example:

> cd $EGO_TOP

> tar -cvf backup.tar wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/ReportRootRestResource.class

> tar -uf backup.tar wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/CustomReportRestResource.class

> tar -uf backup.tar wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/StandardReportRestResource.class

> tar -uf backup.tar gui/3.6/lib/rest-ego-3.6.0.jar

> tar -uf backup.tar wlp/usr/shared/resources/rest/3.6/rest-ego-3.6.0.jar

3.      On each management host, download the sym-7.1.2.0-cws-2.2.1.0_x86_64-build525092.tar.gz package and extract its contents to the $EGO_TOP installation directory:

> tar zxfo sym-7.1.2.0-cws-2.2.1.0_x86_64-build525092.tar.gz -C $EGO_TOP/

4.      Delete all subdirectories and files from the following directories:

> rm -rf $EGO_TOP/gui/work/*

> rm -rf $EGO_TOP/gui/workarea/*

> rm -rf $EGO_TOP/kernel/rest/workarea/*

> rm -rf $WLP_OUTPUT_DIR/<webgui_hostname>/gui/workarea/*

5.      Clear your browser cache.

6.      From the master host, start the WEBGUI and REST services:

> egosh service start WEBGUI REST
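Added example, not part of the IBM readme: a check to run on each management host after step 3 to confirm that the five files named in section 6 were actually replaced, by comparing each one with its copy in the backup.tar created in step 2. It assumes backup.tar is in $EGO_TOP and that GNU tar and sha256sum are available; the function name and the status words it prints are illustrative.

```shell
#!/bin/sh
# Added example (not IBM-supplied). Confirms that interim fix 525092 replaced
# every file in the readme's "List of files" by comparing each installed file
# with the copy saved in backup.tar during installation step 2.
# Usage on a management host:  verify_fix_applied "$EGO_TOP"

PERF=wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest
FIX_FILES="$PERF/ReportRootRestResource.class
$PERF/CustomReportRestResource.class
$PERF/StandardReportRestResource.class
gui/3.6/lib/rest-ego-3.6.0.jar
wlp/usr/shared/resources/rest/3.6/rest-ego-3.6.0.jar"

# verify_fix_applied EGO_TOP [BACKUP_TAR]
# Prints one status line per file. Returns 0 only when every file is present
# and differs from its pre-fix copy, 1 otherwise, 2 if the backup is unreadable.
verify_fix_applied() {
    top=$1
    backup=${2:-$top/backup.tar}
    rc=0
    [ -r "$backup" ] || { echo "ERROR: cannot read $backup" >&2; return 2; }
    for f in $FIX_FILES; do
        if [ ! -f "$top/$f" ]; then
            echo "MISSING $f"; rc=1; continue
        fi
        # Without a backed-up copy there is nothing to compare against.
        if ! tar -tf "$backup" "$f" >/dev/null 2>&1; then
            echo "NOBACKUP $f"; rc=1; continue
        fi
        # Hash the pre-fix copy straight from the archive, without extracting to disk.
        old=$(tar -xOf "$backup" "$f" | sha256sum | cut -d' ' -f1)
        new=$(sha256sum < "$top/$f" | cut -d' ' -f1)
        if [ "$old" = "$new" ]; then
            echo "UNCHANGED $f"; rc=1    # still the pre-fix file on this host
        else
            echo "REPLACED $f sha256=$new"
        fi
    done
    return $rc
}
```

A host that reports UNCHANGED or MISSING for any file is still running at least one pre-fix class or JAR; repeat step 3 on that host before restarting the services.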

5.    Uninstallation

If required, follow the instructions in this section to uninstall this interim fix from your cluster.

1.      Log on to the master host as the cluster administrator and stop the WEBGUI and REST services:

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI REST

2.      Log on to each management host in the cluster and restore the following files from your backup:

> cd $EGO_TOP

> tar -xvf backup.tar

3.      Delete all subdirectories and files from the following directories:

> rm -rf $EGO_TOP/gui/work/*

> rm -rf $EGO_TOP/gui/workarea/*

> rm -rf $EGO_TOP/kernel/rest/workarea/*

> rm -rf $WLP_OUTPUT_DIR/<webgui_hostname>/gui/workarea/*

4.      Clear your browser cache.

5.      From the master host, start the WEBGUI and REST services:

> egosh service start WEBGUI REST

6.    List of files

wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/ReportRootRestResource.class

wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/CustomReportRestResource.class

wlp/usr/servers/gui/apps/perf/3.6/perfguiv5/WEB-INF/classes/com/platform/perf/report/rest/StandardReportRestResource.class

gui/3.6/lib/rest-ego-3.6.0.jar

wlp/usr/shared/resources/rest/3.6/rest-ego-3.6.0.jar

7.    Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page (http://www.ibm.com/support/mynotifications/) on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to be notified about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.

8.    Copyright and trademark information

© Copyright IBM Corporation 2019

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo, and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.