IV32812: Add additional validation to TEP browser client URL checking.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Cross site scripting (XSS) vulnerability identified in the
    Tivoli Enterprise Portal browser client URL code.
    

Local fix

Problem summary

  • Cross site scripting (XSS) vulnerability identified in the
    Tivoli Enterprise Portal browser client URL code.
    

Problem conclusion

  • Provided additional JavaScript filtering for the Tivoli
    Enterprise Portal URL.
    
    The fix for this APAR is included in the following maintenance
    vehicle:
    
       | interim fix | 6.2.2-TIV-ITM-FP0009-IV32812
       | fix pak | 6.2.3-TIV-ITM-FP0003
       | release | 6.3.0-TIV-ITM
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV32812

  • Reported component name

    TEP

  • Reported component ID

    5724C04EP

  • Reported release

    622

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-11-30

  • Closed date

    2013-05-22

  • Last modified date

    2013-05-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TEP

  • Fixed component ID

    5724C04EP

Applicable component levels

  • R623 PSY

       UP

  • R622 PSN

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Tivoli Components
ITM Tivoli Enterprise Portal V6

Software version:

622

Reference #:

IV32812

Modified date:

2013-05-22

Translate my page

Machine Translation

Content navigation