IBM Support

IV47175: CROSS SITE SCRIPTING SECURITY VULNERABILITY ON THE REST API


APAR status

  • Closed as program error.

Error description

  • The REST API was identified as a security vulnerability during a
    security health check. It is open to malicious attacks and needs
    to be locked down to prevent cross-site scripting attacks,
    launching of pop-ups, etc.
    

Local fix

Problem summary

  • Cross-site scripting security vulnerability on the REST API
    

Problem conclusion

  • The fix for this Performance APAR is contained in the following
    maintenance packages:
      | fix pack | 7.2.4-TIV-TSAM-FP0004
  • The fix for Server Side Validation is contained in the following
    maintenance packages:
      | fix pack | 7.2.3.0_TIV-TSAM-LA0032
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV47175

  • Reported component name

    TSAM (& INSTALL

  • Reported component ID

    5724W7800

  • Reported release

    723

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2013-08-16

  • Closed date

    2013-11-18

  • Last modified date

    2013-11-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TSAM (& INSTALL

  • Fixed component ID

    5724W7800

Applicable component levels


Document Information

Modified date:
09 November 2020