Release date:
Updated on:
Affected Systems:
IBM Tivoli Event Pump 4.x
Description:
--------------------------------------------------------------------------------
IBM Tivoli Event Pump for z/OS automatically collects and forwards status events of z/OS systems and subsystems, including CICS, IMS, DB2, and third-party products.
IBM Tivoli Event Pump for z/OS saves user creden in plain text in the AOPSCLOG data set, which can be exploited by malicious users to leak sensitive information.
<* Source: IBM (ncsupp@ca.ibm.com)
Link: http://www-01.ibm.com/support/docview.wss? Uid = swg1oa51186
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
For this reason, IBM has released a Security Bulletin (OA38586) and corresponding patches:
OA38586: OA38586: Secure Engineering Framework (SEF) remediation
Link: http://www-01.ibm.com/support/docview.wss? Uid = swg1oa51186