Before using this information and the product it supports, read the information in Notices.
This edition applies to Fix Pack 6 security for version 9, release 5, modification level 0 of HCL Dynamic Workload Console.
This readme file provides important information about Fix Pack 6 security for HCL Dynamic Workload Console version 9.5.0.
This readme file is the most current information for the fix pack and takes precedence over all other documentation for Dynamic Workload Console version 9.5.0 Fix Pack 6 security.
The most up-to-date version of this readme can be accessed at the following URL: Fix Pack readmes.
HCL Dynamic Workload Console version 9.5.0 Fix Pack 6 Security supports all product versions indicated in the Dynamic Workload Console Version 9.5 Release Notes.
For the most up-to-date information about supported operating systems, software and hardware requirements, see Dynamic Workload Console Detailed System Requirements.
Review the following sections thoroughly before installing or using this fix pack.
This section contains information specific for this Fix Pack including what has been modified or introduced, what has been fixed, product versions or components to which the Fix Pack applies, and compatibility issues, if any.
This section includes the following subsections:
This section lists APARs and internal defects resolved by Fix Pack 6 Security.
APAR | ABSTRACT |
---|---|
IJ43867 | DWC PENETRATION CONDUCTED AND REMEDIATION REQUIRED |
IJ44020 | AUTHENTICATED XXE VULNERABILITY IN IBM TIVOLI WORKLOAD SCHEDULER |
IJ36579 | IT IS OBSERVED THAT APPLICATION IS VULNERABLE TO HOST HEADER INJECTION |
IJ43726 | CREDENTIALS AUTO UPDATE WITH LOGIN USER ID |
IJ44019 | IBM SDK, JAVA TECHNOLOGY EDITION QUARTERLY CPU - APR 2022 - INCLUDES ORACLE APRIL 2022 |
IJ43699 | XSS EXPLOITATION IS OCCURRING ON THE LOGIN PAGE |
DEFECT | ABSTRACT |
---|---|
WA-110627 | [APPSCAN-IAST] : 9.5FP6 SECURITY : CRYPTOGRAPHY.POORENTROPY |
WA-110251 | [APPSCAN-IAST] : 9.5FP6 SECURITY : PATHTRAVERSAL |
WA-110243 | [APPSCAN-IAST] : 9.5FP6 SECURITY : CRYPTOGRAPHY.INSECUREALGORITHM |
WA-110242 | [APPSCAN-IAST] : 9.5FP6 SECURITY : CRYPTOGRAPHY.INSECUREALGORITHM |
WA-110185 | [APPSCAN STANDARD] COOKIE WITH INSECURE OR IMPROPER OR MISSING SAME SITE ATTRIBUTE |
WA-104021 | [APPSCAN STANDARD] MISSING OR INSECURE "X-XSS-PROTECTION" HEADER WITH PARTICULAR URL |
WA-103880 | [APPSCAN STANDARD] MISSING OR INSECURE "SCRIPT-SRC" POLICY IN "CONTENT-SECURITY-POLICY" HEADER |
WA-103203 | [APPSCAN STANDARD] MISSING OR INSECURE HTTP STRICT-TRANSPORT-SECURITY HEADER |
WA-103201 | [APPSCAN STANDARD] MISSING OR INSECURE "X-CONTENT-TYPE-OPTIONS" HEADER |
WA-103200 | [APPSCAN STANDARD] MISSING "CONTENT-SECURITY-POLICY" HEADER |
WA-110085 | XSS IN JOB DEFINITION DESCRIPTION FIELD - LIST WORKLOAD DEFINITION |
WA-107825 | 9.5 FP6 - DWCINST , --SKIPCHECKPREREQ IN PROPERTY FILE MUST BE SPECIFIED IN UPPERCASE |
WA-111328 | ADD AIX 7.3 ON CHECK PREREQ |
WA-111295 | PREDEFINED REPORT : DELETE POPUP IS NOT CLOSING AFTER CLICK ON OKAY |
WA-111253 | IN MONITOR WORKLOAD, WHEN WE FILTER WITH JOB SECOND TIME. IT IS NOT SHOWING ENGINE, DEFAULT. WHICH WE SELECTED FIRST TIME |
WA-111265 | WHEN WE OPEN DEFINITION THROUGH VIEW PRODUCTION PLAN THEN IT IS SHOWING BLANK |
WA-110979 | RERUN, PRIORITY, PROPERTIES BUTTONS ARE NOT WORKING IN MONITOR WORKLOAD |
WA-110977 | ENGINE CONNECTION SUCCESSFUL BUT WHEN OPEN WORKLOAD DEFINITION PAGE, IT'S SHOWING ERROR |
WA-110831 | PERSONALIZED REPORTS PAGE IS SHOWING BLANK |
WA-111244 | WORKSTATION WORKLOAD SUMMARY REPORT IS NOT SAVING WHEN WE R TRYING TO GIVE THIS AS DESCRIPTION " #$@(*&)3245879SDFGHJ:;AKFLHALFKAFALKFAFHASLFSAFHSALKFHALFAHFALKFHALKFHSAFOITQYTQOIYTQOIYQOWIYROQI ", EVEN IT IS NOT THROWING ANY ERROR/WARNING MESSAGE ALSO |
WA-111297 | PREDEFINED REPORT: IF USER PROVIDE ANY JOB NAME WHILE CREATING JOB RUN HISTORY THEN WHILE EDITING GETTING ERROR FOR NOT VALID CHARACTER FOR FRENCH LANGUAGE |
The following are software limitations and workarounds that affect Dynamic Workload Console version 9.5.0 Fix Pack 6 Security. For a list of known problems and limitations documented for the V9.5 General Availability release, refer to the Release Notes.
9.5 Fix Pack 6 Security
This section describes the structure of the images contained in this Fix Pack.
Following is the structure of the Fix Pack on Flexnet:
Name | Description |
---|---|
DWC_9506_Security2022_Readme | Readme file with download instructions |
HWA_9506_Security2022_WEBSPHERE_LIBERTY | WebSphere Liberty application server |
Name | Description |
---|---|
HWA_9506_Security2022_AIX_AGENT | HCL Workload Automation Agent V9.5.0.6, Remote CLI and Workload Automation for Applications for AIX |
Name | Description |
---|---|
HWA_9506_Security2022_IBM_I_AGENT | HCL Workload Automation Agent V9.5.0.6 for IBM i |
Name | Description |
---|---|
HCL Workload Automation 9.5 LINUX | LINUX distribution |
HWA_9506_Security2022_DWC_LINUX_X86_64 | Workload Automation Dynamic Workload Console V9.5.0.6 for LINUX |
HWA_9506_Security2022_LNX_PPC64LE_AGENT | HCL Workload Automation Agent V9.5.0.6, Remote CLI and Workload Automation for Applications for Linux on POWER (little endian) |
HWA_9506_Security2022_LNX_S390_AGENT | HCL Workload Automation Agent V9.5.0.6, Remote CLI and Workload Automation for Applications for Linux on System z9 and System z |
HWA_9506_Security2022_LNX_X86_64_AGENT | Workload Automation Agent V9.5.0.6, Remote CLI and Workload Automation for Applications for Linux on x86-64 |
Name | Description |
---|---|
HCL Workload Automation 9.5 LINUX | LINUX distribution |
HWA_9506_Security2022_Console_Container | Dynamic Workload Console V9.5.0.6 for LINUX on Docker |
HWA_9506_Security2022_Console_Container_LINUX390 | Dynamic Workload Console V9.5.0.6 for LINUX on Docker |
HWA_9506_Security2022_Agent_Dynamic_Container | Workload Automation Agent V9.5.0.6, Remote CLI and Workload Automation for Applications for Linux on x86-64 on Docker |
HWA_9506_Security2022_Agent_Dynamic_Container_LINUX390 | Workload Automation Agent 9.5.0.6, Remote CLI and Workload Automation for Applications for Linux on System z9 and System z on Docker |
Name | Description |
---|---|
HCL Workload Automation 9.5 WINDOWS | WINDOWS distribution |
HWA_9506_Security2022_DWC_WINDOWS_X86_64 | Dynamic Workload Console V9.5.0.6 for WINDOWS |
HWA_9506_Security2022_WIN_X86_64_AGENT | HCL Workload Automation Agent V9.5.0.6, Remote CLI and Workload Automation for Applications for Windows x64 |
Name | Description |
---|---|
HCL Workload Automation V9.5 z/OS | z/OS distribution |
HWA_9506_Security2022_DWC_ZSYSTEM | HWA z/OS Dynamic Workload Console |
Name | Description |
---|---|
HCL Workload Automation V9.5 | z/OS distribution |
HWA_9506_OpenShift_Server_UI_Agent.zip | HWA Dynamic Workload Console, Agent and Server |
This section describes how to apply Fix Pack 6 Security to Dynamic Workload Console.
Read this section thoroughly before installing this Fix Pack.
umask 022
Dynamic Workload Console version 9.5.0 Fix Pack 6 Security supports all product versions indicated in the Dynamic Workload Console version 9.5 Release Notes which can be accessed at the following link: Dynamic Workload Console Version 9.5 Release Notes.
You can install the Dynamic Workload Console version 9.5 Fix Pack 6 Security as a fresh install. For further information, see .
If necessary, you can also return to a previous product version level, as described in Returning the Dynamic Workload Console to a previous product version level in Planning and Installation Guide.
Agent Installation
When you apply the security fix pack on a 9.5 Fix Pack 6 agent (dynamic agent, FTA, both, or zcentric), you must specify the -restore parameter in the twsinst script. If not specified, the following error occurs: AWSFAB109E You are performing an upgrade to version "9.5.0.06", but the installation script has found a previous instance of IBM Workload Automation, with the same version in the registry file "/etc/TWS/TWSRegistry.dat", belonging to the same TWSUser:<user>.
CPUNAME your_master_domain_manager_workstation
DESCRIPTION "MANAGER CPU"
OS UNIX
NODE localhost TCPADDR 31111
SECUREADDR 31113
DOMAIN MASTERDM
FOR MAESTRO
TYPE MANAGER
AUTOLINK ON
BEHINDFIREWALL OFF
SECURITYLEVEL FORCE_ENABLED
FULLSTATUS ON
END
CPUNAME your_broker_workstation
DESCRIPTION "This workstation was automatically created."
OS OTHER
NODE localhost TCPADDR 41114
SECUREADDR 41114
DOMAIN MASTERDM
FOR MAESTRO
TYPE BROKER
AUTOLINK ON
BEHINDFIREWALL OFF
SECURITYLEVEL FORCE_ENABLED
FULLSTATUS OFF
END
The Broker.Workstation.PortSSL parameter specifies the port used by the broker server to listen to the incoming traffic (equivalent to the Netman port) in SSL mode. It is first assigned at installation time. This port number must always be the same for all the broker servers that you define in your HCL Workload Automation network (one with the master domain manager and one with every backup master domain manager you install) to ensure consistency when you switch masters.
JnextPlan -for 0000
Before starting the Fix Pack installation, ensure that you have the following space available in the file system. The values indicated in the table show the disk space required by the Dynamic Workload Console alone. For the disk space required by other components, see the relevant documentation.
For the most up-to-date information about disk space and memory requirements, see the hardware requirements at the following URL: https://help.hcltechsw.com/workloadautomation/v95/Release_Notes_for_HCL_Workload_Scheduler_Dynamic_Workload_Console.htm.
Operating System | Installation directory | Temporary directory |
---|---|---|
AIX® | 2 GB | 800 MB |
Linux s390x | 2 GB | 800 MB |
Linux x86-64 | 2 GB | 800 MB |
Windows 64 | 2.5 GB | 1 GB |
/usr file system.
If the installation fails because of lack of free disk space, you must stop the installation, free space on your disk, and start the installation again.
Any additions or changes to the documentation as a result of this Fix Pack have been integrated into the online product documentation available in HCL Workload Automation documentation.
Refer to the HCL Workload Automation Support page: https://www.hcltech.com/products-and-platforms#support
This information was developed for products and services offered in the US. This material might be available from HCL in other languages. However, you may be required to own a copy of the product or product version in that language in order to access it.
HCL may not offer the products, services, or features discussed in this document in other countries. Consult your local HCL representative for information on the products and services currently available in your area. Any reference to an HCL product, program, or service is not intended to state or imply that only that HCL product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any HCL intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-HCL product, program, or service.
HCL may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:
HCL
330 Potrero Ave.
Sunnyvale, CA 94085
USA
Attention: Office of the General Counsel
For license inquiries regarding double-byte character set (DBCS) information, contact the HCL Intellectual Property Department in your country or send inquiries, in writing, to:
HCL
330 Potrero Ave.
Sunnyvale, CA 94085
USA
Attention: Office of the General Counsel
HCL TECHNOLOGIES LTD. PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. HCL may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-HCL websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this HCL product and use of those websites is at your own risk.
HCL may use or distribute any of the information you provide in any way it believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:
HCL
330 Potrero Ave.
Sunnyvale, CA 94085
USA
Attention: Office of the General Counsel
Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.
The licensed program described in this document and all licensed material available for it are provided by HCL under terms of the HCL Customer Agreement, HCL International Program License Agreement or any equivalent agreement between us.
The performance data discussed herein is presented as derived under specific operating conditions. Actual results may vary.
Information concerning non-HCL products was obtained from the suppliers of those products, their published announcements or other publicly available sources. HCL has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-HCL products. Questions on the capabilities of non-HCL products should be addressed to the suppliers of those products.
This information is for planning purposes only. The information herein is subject to change before the products described become available.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to actual people or business enterprises is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to HCL, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. HCL, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. HCL shall not be liable for any damages arising out of your use of the sample programs.
© (HCL) (2022).
Portions of this code are derived from HCL Sample Programs.
© Copyright HCL Ltd. _2022_.
HCL, and other HCL graphics, logos, and service names including "hcltech.com" are trademarks of HCL. Except as specifically permitted herein, these Trademarks may not be used without the prior written permission from HCL. All other trademarks not owned by HCL that appear on this website are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by HCL.
Adobe™, the Adobe logo, PostScript™, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.
IT Infrastructure Library™ is a Registered Trade Mark of AXELOS Limited.
Linear Tape-Open™, LTO™, the LTO Logo, Ultrium™, and the Ultrium logo are trademarks of HP, IBM® Corp. and Quantum in the U.S. and other countries.
Intel™, Intel logo, Intel Inside™, Intel Inside logo, Intel Centrino™, Intel Centrino logo, Celeron™, Intel Xeon™, Intel SpeedStep™, Itanium™, and Pentium™ are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Linux™ is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft™, Windows, Windows NT™, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Cell Broadband Engine™ is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom.
ITIL™ is a Registered Trade Mark of AXELOS Limited.
UNIX™ is a registered trademark of The Open Group in the United States and other countries.
Permissions for the use of these publications are granted subject to the following terms and conditions.
These terms and conditions are in addition to any terms of use for the HCL website.
You may reproduce these publications for your personal, noncommercial use provided that all proprietary notices are preserved. You may not distribute, display or make derivative work of these publications, or any portion thereof, without the express consent of HCL.
You may reproduce, distribute and display these publications solely within your enterprise provided that all proprietary notices are preserved. You may not make derivative works of these publications, or reproduce, distribute or display these publications or any portion thereof outside your enterprise, without the express consent of HCL.
Except as expressly granted in this permission, no other permissions, licenses or rights are granted, either express or implied, to the publications or any information, data, software or other intellectual property contained therein.
HCL reserves the right to withdraw the permissions granted herein whenever, in its discretion, the use of the publications is detrimental to its interest or, as determined by HCL, the above instructions are not being properly followed.
You may not download, export or re-export this information except in full compliance with all applicable laws and regulations, including all United States export laws and regulations.
HCL MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE PUBLICATIONS. THE PUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.