Originally posted on IBM Developer blog “Exploring PureApplication System, Software Service and more” by Hendrik van Run on 5 July 2019
As we posted earlier on this blog, IBM PureApplication firmware version 2.2.6.0 was released just over a month ago. Exactly one week ago IBM launched IBM Cloud Pak System, which builds on IBM PureApplication and ships with firmware version 2.2.3.0. Existing IBM PureApplication clients can upgrade to either 2.2.6.0 or 2.3.0.0; from a technical point of view there are no differences between the two.
Both firmware versions have one thing in common though, and that is a significant focus on making these appliances more secure. IBM published a support document detailing the APARs and security fixes included in firmware version 2.2.6.0, which shows that 30 CVEs (Common Vulnerabilities and Exposures) were addressed. This is good news; however, there is one thing that clients should be aware of before planning a firmware upgrade to 2.2.6.0 or higher.
IBM addressed CVE-2019-4235 by enforcing a password policy on all password parameters used by Virtual System Patterns. When a Virtual System Pattern is deployed, the system simply mandates that every password parameter contains at least 8 characters, including at least one alphabetic character and at least one numeric character. If one or more passwords do not meet this policy, the deployment is blocked with one of these two errors:
- CMPRE0015E: The given password violates password policy for pattern deployments. Password must contain at least one numeric and one alphabet characters

- CMPRE0016E: The given password violates password policy for pattern deployments. The password length must be at least 8.

IBM published the support document Improving pattern security about weak password policy in IBM PureApplication System to describe the above in more detail.
Unfortunately this password policy cannot be disabled, configured or customised today. Therefore IBM strongly recommends that clients evaluate every password parameter used in their existing Virtual System Patterns prior to upgrading to 2.2.6.0 or higher.
Note: Password parameters can be found in the Virtual System Pattern itself, but also in the Script Packages or Software Components used by that Virtual System Pattern.
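To support the pre-upgrade evaluation recommended above, the following added example (not code from the original post or from IBM) checks a set of password parameters against the policy described in this post and reports which of the two error codes a deployment would hit. It assumes that "alphabet" and "numeric" characters mean ASCII letters and digits, and that both codes can apply to the same password; the parameter names and values in the sample are constructed for illustration.

```python
from __future__ import annotations

import string

# Policy as described in the post for firmware 2.2.6.0 / 2.3.0.0:
# at least 8 characters, at least one letter and at least one digit.
MIN_LENGTH = 8

# Error codes quoted in the post. The post does not say which code the
# system reports first when both conditions fail, so this checker
# reports every violation it finds rather than stopping at the first.
ERR_CHARSET = "CMPRE0015E"  # missing a letter and/or a digit
ERR_LENGTH = "CMPRE0016E"   # shorter than 8 characters


def check_password_policy(password: str) -> list:
    """Return the error codes a deployment would raise for this password.

    An empty list means the password satisfies the policy. Assumption:
    "alphabet" and "numeric" characters are ASCII letters and digits.
    """
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(ERR_LENGTH)
    has_alpha = any(c in string.ascii_letters for c in password)
    has_digit = any(c in string.digits for c in password)
    if not (has_alpha and has_digit):
        violations.append(ERR_CHARSET)
    return violations


def audit_password_parameters(parameters: dict) -> dict:
    """Check every password parameter of a pattern and return only the failing ones.

    `parameters` maps a parameter name to its password value, gathered from the
    Virtual System Pattern itself and from any Script Packages or Software
    Components it uses (how you collect them is outside this example).
    """
    failing = {}
    for name, value in parameters.items():
        codes = check_password_policy(value)
        if codes:
            failing[name] = codes
    return failing


# Constructed sample: hypothetical password parameters and values.
SAMPLE_PARAMETERS = {
    "was_admin_password": "passw0rd",       # passes: 8 chars, letters and a digit
    "db2_instance_password": "secret",      # fails: too short and no digit
    "script_pkg.ssh_password": "12345678",  # fails: long enough but no letter
    "component.keystore_pw": "Abcdefgh1",   # passes
}

if __name__ == "__main__":
    for name, codes in audit_password_parameters(SAMPLE_PARAMETERS).items():
        print(f"{name}: deployment would be blocked with {', '.join(codes)}")
```

Run this against the password values you extract from each pattern before scheduling the upgrade, and fix every parameter it lists. Note that the check only tells you what the firmware will reject: "passw0rd" passes the policy but is still a weak credential, so treat a clean audit as the minimum bar, not as evidence that the passwords are strong.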