IBM Support

IC37554: TSM SERVER MAY ALLOW UNAUTHORIZED ACCESS TO SERVER VIA A CONSOLE MODE SESSION DUE TO SESSION EXPOSURE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The IBM Tivoli Storage Manager Server may allow an unauthorized
administrator to start an admin session in "console mode" with
the server due to session exposure.
This unauthorized "console mode" session will allow a user to
monitor activities on the TSM server but will not allow commands
to be entered.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: This APAR affects the Tivoli Storage         *
*                 Manager Server version 5.1.X and 5.2.X on    *
*                 all platforms.                               *
****************************************************************
* PROBLEM DESCRIPTION: Users can view the server console       *
*                      without authentication with the         *
*                      server.                                 *
****************************************************************
* RECOMMENDATION: Install PATCH or PTF when available.  The    *
*                 release schedule and version number may      *
*                 change at IBM discretion.   The target PTF   *
*                 versions are 5.1.8.  The target PATCH        *
*                 level is 5.2.1.2.                            *
****************************************************************
Under limited circumstance, the server may allow a user to
view the server console without requesting user's credentials.
 Under these limited circumstance, the user can not execute
commands against the server.

    



Problem conclusion


    

  • The problem has been corrected on the server.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IC37554
    • 

  • Reported component name
    TSM SERVER 510
    • 

  • Reported component ID
    5698ISMSV
    • 

  • Reported release
    52A
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2003-09-29
    • 

  • Closed date
    2003-10-14
    • 

  • Last modified date
    2003-10-20
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
PQ79590 PQ79835
    

    • 



Fix information


    

  • Fixed component name
    TSM SERVER 510
    • 

  • Fixed component ID
    5698ISMSV
    • 



Applicable component levels


    

  • R51A  PSY
       UP
    • 

  • R51H  PSY
       UP
    • 

  • R51L  PSY
       UP
    • 

  • R51P  PSY
       UP
    • 

  • R51S  PSY
       UP
    • 

  • R51W  PSY
       UP
    • 

  • R52A  PSY
       UP
    • 

  • R52H  PSY
       UP
    • 

  • R52L  PSY
       UP
    • 

  • R52P  PSY
       UP
    • 

  • R52S  PSY
       UP
    • 

  • R52W  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"52A","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            20 October 2003
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback