Control-M Application Integrator PAAIT.9.0.20.205
BMC Software is alerting you to a number of security vulnerabilities that were detected in Control-M Application Integrator.
Patch PAAIT.9.0.20.205 corrects these problems. You install this patch on top of Control-M/EM version 9.0.20.200.
Corrected Problems
The following table describes the corrected problems included in patch PAAIT.9.0.20.205:
Tracking Number | Description |
---|---|
CTM-9171 | An unauthenticated file write and path traversal vulnerability occurs in Application Integrator. |
CTM-9172 | An unauthenticated Denial of Service vulnerability occurs in Application Integrator. |
CTM-9173 | A Denial of Service vulnerability occurs in Application Integrator. |
CTM-9175 | A client-side user permissions vulnerability occurs in Application Integrator. |
CTM-9176 | An authenticated XXE vulnerability occurs in Application Integrator. |
CTM-9177 | The login token appears in Application Integrator log files. |
Installing the Patch on UNIX/Linux
This procedure describes how to install patch PAAIT.9.0.20.205 on UNIX/Linux.
Before You Begin
- Verify that Control-M/EM version 9.0.20.200 is installed.
- Obtain the installation package via EPD, as described in Obtaining Control-M Installation Files via EPD.
Begin
- Log in to the Control-M/EM machine.
- Untar PAAIT.9.0.20.205_EM.tar (which you obtained from EPD) into a temporary directory on the Control-M/EM Server machine.
- Shut down Application Integrator using the following command:
stop_all - Back up the current aisrv-web.jar file in the following directory:
~/<EM_HOME>/services/classes/ - Run the setup.sh file from the files that you untarred.
- Follow the on-screen instructions until the installation is complete.
- Restart Application Integrator using the following command:
start_all
Note: If you need to roll back the changes applied by the patch, shut down Application Integrator and restore the backed-up version of aisrv-web.jar.
Installing the Patch on Windows
This procedure describes how to install patch PAAIT.9.0.20.205 on Windows.
Before You Begin
- Verify that Control-M/EM version 9.0.20.200 is installed.
- Obtain the installation package via EPD, as described in Obtaining Control-M Installation Files via EPD.
Begin
- Log in to the Control-M/EM machine.
- Unzip PAAIT.9.0.20.205_EM.zip (which you obtained from EPD) into a temporary directory on the Control-M/EM Server machine.
- Shut down Application Integrator using the following command:
em emsca set-desired-state down --service aisrv-web - Back up the current aisrv-web.jar file in the following directory:
<EM_HOME>\services\classes\ - Run the setup.exe file from the files that you unzipped.
- Follow the on-screen instructions until the installation is complete.
- Restart Application Integrator using the following command:
em emsca set-desired-state up --service aisrv-web
Note: If you need to roll back the changes applied by the patch, shut down Application Integrator and restore the backed-up version of aisrv-web.jar.
Comments
Log in or register to comment.