HE11605: CROSS-SCRIPTING VULNERABILITIES OBSERVED WITH CERTAIN QUERY PARAMETERS IN EDISCOVERY MANAGER.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • In eDiscovery Manager, certain query parameters
    in the URLs exhibit cross-scripting vulnerabilities and this
    needs to be addressed.
    

Local fix

Problem summary

  • Some parameters are vulnerable to cross-site scripting requests.
    This is a potential security issue.
    

Problem conclusion

  • The parameters that were vulnerable to cross-site scripting
    requests are no longer vulnerable. Input text is now checked for
    potential scripting before being displayed in the user
    interface.
    

Temporary fix

Comments

APAR Information

  • APAR number

    HE11605

  • Reported component name

    EDISCOVERY MANA

  • Reported component ID

    5724V3600

  • Reported release

    220

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-09-12

  • Closed date

    2012-12-06

  • Last modified date

    2012-12-06

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    EDISCOVERY MANA

  • Fixed component ID

    5724V3600

Applicable component levels

  • R221 PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

eDiscovery Manager

Software version:

2.2

Reference #:

HE11605

Modified date:

2012-12-06

Translate my page

Machine Translation

Content navigation