Re: [ADSM-L] Fwd: FLASH: Security Bulletin: Vulnerability in Apache Comm

Hi Bob,

Using the Operations Center only requires the hub server to be at that 
level.
The servers you manage can be at whatever other levels you want. 
(The caveat being that often times new features are tied to the data 
that is exchanged between the spoke and hub servers. 
Those new capabilities may not be possible with the back-level servers.)

We see many of our customers deploy a small hub server for the purpose 
of being able to upgrade the OC when they want without affecting their 
"production" servers. It's not an absolute requirement, 
but helps you gain the most up-to date OC enhancements 
without touching your production servers. 


Thank you,

Del

----------------------------------------------------


"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 12/11/2015 
03:25:07 PM:

> From: Robert Talda <rpt4 AT CORNELL DOT EDU>
> To: ADSM-L AT VM.MARIST DOT EDU
> Date: 12/11/2015 03:25 PM
> Subject: Fwd: FLASH: Security Bulletin: Vulnerability in Apache 
> Commons affects IBM Tivoli Storage Manager Operations Center (OC) 
> and Client Management Services (CMS) (CVE-2015-7450) (2015.12.11)
> Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
> 
> Wonderful.  Security risk in Operations Center 7.1.3.000 that I just
> installed - and the only resolution?  Upgrade to Operations Center 
> 7.1.4.000 - which just so happens to require TSM Server v 7.1.4.000.
> We’ve just installed TSM Server v 7.1.3.000 in our test environment;
> upgrade to v7.1.4.000 is months away.  So hence, is our use of the 
> Operations Center.
> 
> Unless, that is, there will be a patch for Op Center 7.1.3.000 
forthcoming?
> 
> Robert Talda
> EZ-Backup Systems Engineer
> Cornell University
> +1 607-255-8280
> rpt4 AT cornell DOT edu<mailto:rpt4 AT cornell DOT edu>
> 
> 
> Begin forwarded message:
> 
> From: IBM My Notifications <mynotify AT stg.events.ihost DOT com<
> mailto:mynotify AT stg.events.ihost DOT com>>
> Subject: FLASH: Security Bulletin: Vulnerability in Apache Commons 
> affects IBM Tivoli Storage Manager Operations Center (OC) and Client
> Management Services (CMS) (CVE-2015-7450) (2015.12.11)
> Date: December 11, 2015 at 1:26:42 PM EST
> To: <RPT4 AT CORNELL DOT EDU<mailto:RPT4 AT CORNELL DOT EDU>>
> 
> 
> My notifications for  Software - 11 Dec 2015
> 
> 
------------------------------------------------------------------------------
> 1.  Tivoli Storage Manager Extended Edition: Security bulletin
> 
> - TITLE: Security Bulletin: Vulnerability in Apache Commons affects 
> IBM Tivoli Storage Manager Operations Center (OC) and Client 
> Management Services (CMS) (CVE-2015-7450)
> - URL: http://www.ibm.com/support/docview.wss?
> 
uid=swg21971533&myns=swgtiv&mynp=OCSSSQWC&mync=E&cm_sp=swgtiv-_-OCSSSQWC-_-E
> - ABSTRACT: An Apache Commons Collections vulnerability for handling
> Java object deserialization was addressed by IBM Tivoli Storage 
> Manager Operations Center (IBM Spectrum Protect Operations Center) 
> and IBM Tivoli Storage Manager Client Services (IBM Spectrum Protect
> Client Management Services)..
>
Re: [ADSM-L] Fwd: FLASH: Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Storage Manager Operations Center (OC) and Client Management Services (CMS) (CVE-2015-7450) (2015.12.11)
