IC37554: TSM SERVER MAY ALLOW UNAUTHORIZED ACCESS TO SERVER VIA A CONSOLE MODE SESSION DUE TO SESSION EXPOSURE

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • The IBM Tivoli Storage Manager Server may allow an unauthorized
    administrator to start an admin session in "console mode" with
    the server due to session exposure.
    This unauthorized "console mode" session will allow a user to
    monitor activities on the TSM server but will not allow commands
    to be entered.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: This APAR affects the Tivoli Storage         *
    *                 Manager Server version 5.1.X and 5.2.X on    *
    *                 all platforms.                               *
    ****************************************************************
    * PROBLEM DESCRIPTION: Users can view the server console       *
    *                      without authentication with the         *
    *                      server.                                 *
    ****************************************************************
    * RECOMMENDATION: Install PATCH or PTF when available.  The    *
    *                 release schedule and version number may      *
    *                 change at IBM discretion.   The target PTF   *
    *                 versions are 5.1.8.  The target PATCH        *
    *                 level is 5.2.1.2.                            *
    ****************************************************************
    Under limited circumstance, the server may allow a user to
    view the server console without requesting user's credentials.
     Under these limited circumstance, the user can not execute
    commands against the server.
    

Problem conclusion

  • The problem has been corrected on the server.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC37554

  • Reported component name

    TSM SERVER 510

  • Reported component ID

    5698ISMSV

  • Reported release

    52A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2003-09-29

  • Closed date

    2003-10-14

  • Last modified date

    2003-10-20

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PQ79590 PQ79835

Fix information

  • Fixed component name

    TSM SERVER 510

  • Fixed component ID

    5698ISMSV

Applicable component levels

  • R51A PSY

       UP

  • R51H PSY

       UP

  • R51L PSY

       UP

  • R51P PSY

       UP

  • R51S PSY

       UP

  • R51W PSY

       UP

  • R52A PSY

       UP

  • R52H PSY

       UP

  • R52L PSY

       UP

  • R52P PSY

       UP

  • R52S PSY

       UP

  • R52W PSY

       UP



Document information


More support for:

Tivoli Storage Manager

Software version:

52A

Reference #:

IC37554

Modified date:

2003-10-20

Translate my page

Content navigation