IBM i is vulnerable to an authenticated administrator gaining elevated privileges due to improper SQL processing as described in the vulnerability details section. IBM i has addressed the vulnerability in the SQL processing as described in the remediation/fixes section. Read More
Preparing customer firewalls and proxies for the upcoming infrastructure changes – Call Home, Electronic Fix Distribution
Affected DomainCall Home and Electronic Fix Distribution
AbstractPublic internet IP addresses are changing for the IBM servers that support Call Home and electronic download of fixes for customer system’s software, hardware, and operating system. This change pertains to all operating systems and applications connecting to IBM for electronic Call Home and fix download.
Customer action might be required to ensure uninterrupted Call Home and fix delivery services.
DescriptionNew network connections between your machine and IBM servers are required to keep your ability to perform Call Home and download fixes. If you have a firewall in your network, you might need to make changes to allow the new connections.
Recommended ActionFirewall
IP addresses for esupport.ibm.com and www-945.ibm.com are changing.
Ensure as soon as possible that the following DNS names, IP addresses, and ports are open on your firewall. If these connections are NOT currently allowed, then you must create new firewall rules that allow them to flow. Add firewall rules for ALL new IP addresses. Even the IP addresses not enabled until after 2023. Do NOT change or remove existing firewall rules.
Note 1: IP addresses are subject to change. Use DNS names whenever possible.
Note 2: Applies to protocols HTTPS (port 443)
Host name
Old IP addresses
(IPv4 and IPv6)
New IP addresses
(IPv4 and IPv6)
Target date
(New IP is enabled, old IP is disabled)
esupport.ibm.com
129.42.54.189
2620:0:6c4:200:129:42:54:189
129.42.21.70
2607:f0d0:3901:33:129:42:21:70
April 14, 2023
esupport.ibm.com
129.42.56.189
2620:0:6c4:200:129:42:56:189
129.42.18.70
2607:f0d0:1f01:9f:129:42:18:70
May 30, 2023
esupport.ibm.com
129.42.60.189
2620:0:6c4:200:129:42:60:189
129.42.19.70
2607:f0d0:2601:13:129:42:19:70
May 31, 2023
www-945.ibm.com
129.42.50.224
2620:0:6c4:1::1000
TBD
TBD
www-945.ibm.com
129.42.26.224
2620:0:6c0:1::1000
TBD
TBD
www-945.ibm.com
129.42.42.224
2620:0:6c2:1::1000
TBD
TBD
Note: Table will be updated for www-945.ibm.com once new IPs and dates are known.
Proxy server
If your machine does NOT have direct Internet access with your network configuration, then you must make sure that your proxy server is correctly configured to allow these previously mentioned connections to flow.
Questions & Answers
Q1) Am I impacted by this change?
A1: If you are using a IBM client side application or tool, doing electronic Call Home or electronic fix download, then you might be impacted by this change. If this change is not made before April 14, 2023, the ability to do Call Home, and download fixes from IBM might be impacted.
Q2) Which applications can be impacted by this change?
A2: IBM client application, operating system, or system tool that is performing Call Home or downloading fixes. Examples are Electronic Service Agent, Send PTF Order (SNDPTFORD), Service Update Management Assistant (SUMA), and TS3000 System Console (TSSC). Users of Fix Central are not affected by this change.
Q3) Which systems can be impacted by this change?
A2: All systems, which connect to IBM for Call Home services or download fixes that use the following hostnames, but, which have firewalls or proxies configured with IP addresses, are impacted:
esupport.ibm.com
www-945.ibm.com Read More
Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a server-side request forgery, a denial of service, an attacker obtaining sensitive information, and gaining elevated privileges due to multiple vulnerabilities.
IBM WebSphere Application Server for IBM i is vulnerable to a server-side request forgery due to a flaw in parsing the href attribute (CVE-2022-46364), and is affected by an attacker obtaining sensitive information due to improper permissions on a temporary file (CVE-2022-45787), attacker gaining elevated privileges due to an insecure temp file (CVE-2023-0482), and a denial of service due to not limiting the file upload request function (CVE-2023-24998) as described in the vulnerability details section. IBM WebSphere Application Server Liberty for IBM i has addressed the vulnerabilities with a fix as described in the remediation/fixes section. Read More
What’s in IBM i 7.5 Technology Refresh 2 and 7.4 Technology Refresh 8 for System Administrators? Ash Giddings
May 5, 2023, sees the availability of the latest technology refreshes for IBM i 7.5 (TR2) and 7.4 (TR8), and as always is feature packed…. Read More
Debbie Saugen on IBM i Backup and Recovery
We couldn’t extract the content of this article. Here is the URL so you can access it:https://techchannel.com/SMB/5/2023/debbie-saugen-ibm-i-backup-recovery Read More
