APAR status
Closed as program error.
Error description
The REST api has been identified as a security vulnerability as part of security health check. It is open to malicious attacks and needs locking down to prevent cross site scripting attacks, launching popup etc
Local fix
Problem summary
Cross site scritping security vulnerability on the REST api
Problem conclusion
Conclusion: * The fix for this Performance APAR is contained in the following maintenance packages: | fix pack | 7.2.4-TIV-TSAM-FP0004 --> Conclusion: * The fix for Server Side Validation is contained in the following maintenance packages: | fix pack | 7.2.3.0_TIV-TSAM-LA0032
Temporary fix
Comments
APAR Information
APAR number
IV47175
Reported component name
TSAM (& INSTALL
Reported component ID
5724W7800
Reported release
723
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2013-08-16
Closed date
2013-11-18
Last modified date
2013-11-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TSAM (& INSTALL
Fixed component ID
5724W7800
Applicable component levels
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFG5E","label":"Tivoli Service Automation Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"723"}]
Document Information
Modified date:
09 November 2020