Control-M Application Integrator PAAIT.9.0.20.205

BMC Software is alerting you to a number of security vulnerabilities that were detected in Control-M Application Integrator.

Patch PAAIT.9.0.20.205 corrects these problems. You install this patch on top of Control-M/EM version 9.0.20.200. 

Corrected Problems

The following table describes the corrected problems included in patch PAAIT.9.0.20.205:

Tracking Number    Description
CTM-9171           An unauthenticated file write and path traversal vulnerability occurs in Application Integrator.
CTM-9172           An unauthenticated Denial of Service vulnerability occurs in Application Integrator.
CTM-9173           A Denial of Service vulnerability occurs in Application Integrator.
CTM-9175           A client-side user permissions vulnerability occurs in Application Integrator.
CTM-9176           An authenticated XXE vulnerability occurs in Application Integrator.
CTM-9177           The login token appears in Application Integrator log files.

Installing the Patch on UNIX/Linux

This procedure describes how to install patch PAAIT.9.0.20.205 on UNIX/Linux.

Before You Begin

Begin

  1. Log in to the Control-M/EM machine.
  2. Untar PAAIT.9.0.20.205_EM.tar (which you obtained from EPD) into a temporary directory on the Control-M/EM Server machine.
  3. Shut down Application Integrator using the following command:
    stop_all
  4. Back up the current aisrv-web.jar file in the following directory:
     ~/<EM_HOME>/services/classes/
  5. Run the setup.sh file from the files that you untarred.
  6. Follow the on-screen instructions until the installation is complete.
  7. Restart Application Integrator using the following command:
    start_all

Note: If you need to roll back the changes applied by the patch, shut down Application Integrator and restore the backed-up version of aisrv-web.jar.
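
The following helper is an added example, not part of the BMC patch package. It shows one way to make the backup in step 4 verifiable and the rollback in the note safe to run. The directory arguments, the function names and the backup file suffix are assumptions; it also assumes setup.sh replaces aisrv-web.jar, as the rollback note implies.

```shell
#!/bin/sh
# Added example: verifiable backup and rollback of aisrv-web.jar.
# Assumptions (not from the patch package): function names, the backup suffix,
# and that CLASSES_DIR is the services/classes directory under your EM home.
JAR_NAME="aisrv-web.jar"
BAK_SUFFIX="pre-PAAIT.9.0.20.205"

# Print only the SHA-256 digest of a file.
jar_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# backup_jar CLASSES_DIR BACKUP_DIR
# Step 4: copy the jar, confirm the copy is byte-identical, record its digest.
backup_jar() {
    src="$1/$JAR_NAME"
    dst="$2/$JAR_NAME.$BAK_SUFFIX"
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    mkdir -p "$2" || return 1
    cp -p "$src" "$dst" || return 1
    cmp -s "$src" "$dst" || { echo "backup differs from source" >&2; return 1; }
    jar_sha256 "$dst" > "$dst.sha256"
}

# jar_changed CLASSES_DIR BACKUP_DIR
# After step 6: succeeds only if the installed jar no longer matches the
# recorded pre-patch digest, i.e. the installer actually replaced it.
jar_changed() {
    [ "$(jar_sha256 "$1/$JAR_NAME")" != "$(cat "$2/$JAR_NAME.$BAK_SUFFIX.sha256")" ]
}

# restore_jar CLASSES_DIR BACKUP_DIR
# Rollback: run only after Application Integrator has been shut down.
# Refuses to restore a backup that no longer matches its recorded digest.
restore_jar() {
    bak="$2/$JAR_NAME.$BAK_SUFFIX"
    [ "$(jar_sha256 "$bak")" = "$(cat "$bak.sha256")" ] || {
        echo "backup does not match recorded digest" >&2
        return 1
    }
    cp -p "$bak" "$1/$JAR_NAME"
}
```

Source this file, call backup_jar before running setup.sh, and call jar_changed afterwards; a failing jar_changed means the vulnerable jar is still in place.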

Installing the Patch on Windows

This procedure describes how to install patch PAAIT.9.0.20.205 on Windows.

Before You Begin

Begin

  1. Log in to the Control-M/EM machine.
  2. Unzip PAAIT.9.0.20.205_EM.zip (which you obtained from EPD) into a temporary directory on the Control-M/EM Server machine.
  3. Shut down Application Integrator using the following command:
    em emsca set-desired-state down --service aisrv-web
  4. Back up the current aisrv-web.jar file in the following directory:
     <EM_HOME>\services\classes\
  5. Run the setup.exe file from the files that you unzipped.
  6. Follow the on-screen instructions until the installation is complete.
  7. Restart Application Integrator using the following command:
    em emsca set-desired-state up --service aisrv-web

Note: If you need to roll back the changes applied by the patch, shut down Application Integrator and restore the backed-up version of aisrv-web.jar.
