IBM Cognos Controller security fixRebecca Dagostino
IBM has recently issued an IBM bulletin concerning multiple security issues for a supporting component of IBM Cognos Controller. To address the vulnerabilities, IBM Cognos Controller can be patched from/to the following versions:
- Cognos Controller 10.2.0 -> 10.2.0 Fix Pack 1 Interim Fix 10
- Cognos Controller 10.2.1 -> 10.2.1 Fix Pack 4 Interim Fix 16
- Cognos Controller 10.3 -> 10.3 Fix Pack 1 Interim Fix 8
- Cognos Controller 10.3.1 -> 10.3.1 Interim Fix 03
How do I know what version I am on?
To confirm the current version being used – access Controller client, go to Help > System Info and compare the IBM Cognos Controller Version number with these build numbers.
How do I apply the fix to Cognos Controller?
If after an internal security review, you feel that an update to Cognos Controller is required, HAYNE will be more than happy to perform the update to your Cognos Controller installation for you.
- For Assist+ support customers you are entitled under your current support agreement to have HAYNE install the fix pack at no additional cost
- For customers whose system is hosted by HAYNE, as part of the management fee HAYNE can install the fix pack at no additional cost.
- For Assist only support customers and users who are not supported by HAYNE, the update will be chargeable which will cost you a fixed installation fee of £700 per Controller instance.
Please note, we will charge consultancy rates for any assistance in testing and in verifying that your results are unaffected by this security patch.
You should allow for 1 day per Controller environment, which includes technical testing by us. During this time users will be unable to access the application, therefore please schedule in for a time that is suitable to your business users.
If you have taken our advice and have a separate non-production instance(s), the update can be performed in this environment first for you to test before applying to your LIVE application.
Please note this is only a patch and you will continue to be on your current version following the updates. However, the interim fixes provided by IBM are cumulative by design, therefore we may be inadvertently adding fixes for other problems. Testing the system and ensuring the numbers do not change after re-consolidation is the responsibility of the customer.
Is it a good time to upgrade?
Given that there is a period of downtime involved in this, perhaps you should consider upgrading to the latest version 10.3.1, if you have not done so already? We can help you plan out and implement this migration.
We can support you to discover your needs, apply the security fixes, test the system and if necessary upgrade you to the latest version of IBM Cognos Controller. Contact us to have an informal chat OR arrange a HAYNE 3D Vision Workshop where we can review your entire Financial Planning, Reporting and Analytics process.
For more information and reading…