A fix is available
APAR status
Closed as program error.
Error description
Customer noticed that login pages for Process Portal and Process Center don't have frame busting code to prevent login pages from being displayed inside a frame. Even though log in pages are always exposed to internal use, customer still wants to add frame busting code here to avoid potential vulnerability.
Local fix
Fix will be created against BPM 7.5.1 and The issue will be fixed in BPM 8.
Problem summary
**************************************************************** * USERS AFFECTED: BPM 7.5.1 users that use early versions of * * IE broswers (IE 5.5 and 6.x). * **************************************************************** * PROBLEM DESCRIPTION: Process Portal and Process Center * * login pages don't have frame busting * * code. * **************************************************************** * RECOMMENDATION: * **************************************************************** Process Portal and Process Center login pages don't have frame busting code to prevent login pages from being displayed inside a frame. Need to add frame busting code to avoid potential vulnerability.
Problem conclusion
Frame busting code was added to fix the vulnerabilities.
Temporary fix
Comments
APAR Information
APAR number
JR42576
Reported component name
BPM ADVANCED
Reported component ID
5725C9400
Reported release
751
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-04-19
Closed date
2012-06-05
Last modified date
2012-06-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM ADVANCED
Fixed component ID
5725C9400
Applicable component levels
R750 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5.1","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
12 October 2021