Readme File for IBM® Spectrum Symphony 7.2.0.0 Interim Fix 545808 

Readme File for: IBM Spectrum Symphony

Product Release: 7.2.0.0

Update Name: Interim Fix 545808

Fix ID: sym-7.2-build545808

Publication Date: May 12, 2020

A security vulnerability is reported for Cross Frame Scripting version 2 (XFSv2), which is included with IBM Spectrum Symphony 7.2. The vulnerability allows application pages to be captured within a frame from another server. This interim fix adds the X-Frame-Options header to provide a resolution for this issue. 

Contents

1. List of fixes

2. Download location

3. Product and components affected

4. Installation and configuration

5. Uninstallation

6. List of files

7.  Product notifications

8.  Copyright and trademark information


1.   List of fixes

APAR: P103543

2.   Download location

Download interim fix 545808 from the following location https://www.ibm.com/eserver/support/fixes/

3.   Product and components affected

Component name, Platform, Fix ID:

PMC, Windows x86_64, sym-7.2-build545808

4.   Installation and configuration

Follow the instructions in this section to download and install this interim fix to your cluster.

Installation

a.      Log on to the master host as the cluster administrator, and stop the WEBGUI service:

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI

b.      To install this interim fix on management hosts, log on to each management host, copy the sym-7.2.0.0-egocore-3.6.0.0_build545808.msp package, and complete one of the following steps:

·        To perform an interactive installation, double-click the .msp package and follow the prompts.

·        To perform a silent installation, enter the following command from the IBM Spectrum Symphony command line:

C:\>msiexec /update C:\sym-7.2.0.0-egomgmt-3.6.0.0_build545808.msp  /l*v updateSym.log /norestart /quiet REINSTALLMODE=omus

The command syntax is as follows:

C:\>msiexec /update sym_package_name_path /l*v sym_install_log /norestart /quiet REINSTALLMODE=omus

where:

sym_package_name_path is the fully qualified file name to the .msp package.

sym_install_log is the log file for the upgrade.

c.      Launch your web browser and clear the browser cache.

d.      Delete all subdirectories and files in the following directories:

      %SOAM_HOME%\..\gui\work\*

   %SOAM_HOME%\..\gui\workarea\*

e.      Log on to the master host as the cluster administrator, and start the WEBGUI service:

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI

5.   Uninstallation

If required, follow the instructions in this section to uninstall this interim fix from your cluster.

a.      Log on to the master host as the cluster administrator, and stop the WEBGUI service:

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI

b.      To install this interim fix on management hosts, complete one of the following steps:

·        To roll back from the Windows Control Panel, go to Control Panel > Programs and Features > View installed updates, click Update for Symphony 7.2.0.0 (build “539455”), and click Uninstall

·        To roll back this interim fix on management hosts from the IBM Spectrum Symphony command line, enter the following command:

C:\>msiexec /uninstall {6824D8AF-62DB-4B57-AB87-9E59B6C46AE0} /package {2F305941-1210-4E80-BCD2-630A46A96EBD} /norestart /quiet /l*v sym_rollback.log

The command syntax is as follows:

C:\>msiexec /uninstall interim_fix_code /package product_code /norestart /quiet /l*v rollback_log

where:

interim_fix_code is the identifier of the .msp package for the interim fix; in this case, {6824D8AF-62DB-4B57-AB87-9E59B6C46AE0}.

product_code is the identifier of the .msi file in the product installation package; in this case, {2F305941-1210-4E80-BCD2-630A46A96EBD}.

rollback_log is the name of the log file to capture details of the interim fix rollback; in this case, sym_rollback.log.

c.      Delete all subdirectories and files in the following directories:

%SOAM_HOME%\..\gui\work\*

   %SOAM_HOME%\..\gui\workarea\*

d.      Launch your web browser and clear the browser cache.

e.      Log on to the master host as the cluster administrator, and start the WEBGUI service:

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI

6.   List of files

gui\3.6\lib\commons-ego.jar

7.   Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.

8.   Copyright and trademark information

© Copyright IBM Corporation 2020

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo, and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.