APAR status
Closed as program error.
Error description
It is possible to inject a crafted SQL query through the EBICS partner search field and retrieve any data from the database. The vulnerable parameter is on the EBICS - Subscription Manager - Profile Manager - Partner Configuration - Create a new partner screen.
Local fix
None STRRTC 526554 KK/KK
Problem summary
Users Affected: All
Problem Description: SQL injection vulnerability in EBICS partner profile configuration.
Platforms Affected: All
Problem conclusion
Resolution Summary: A code fix is provided.
Delivered in: 5020602_4, 5020603_2, 5020500_16, 5020601_8
Temporary fix
Comments
APAR Information
APAR number
IT20226
Reported component name
STR FILE GATEWA
Reported component ID
5725D0700
Reported release
225
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-04-14
Closed date
2017-05-11
Last modified date
2017-08-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR FILE GATEWA
Fixed component ID
5725D0700
Applicable component levels
Line of Business: Sustainability Software (LOB59)
Business Unit: IBM Software w/o TPS (BU059)
Product: IBM Sterling File Gateway (SS4TGX)
Platform: Platform Independent (PF025)
Version: 2.2
Document Information
Modified date:
03 March 2021