A fix is available
APAR status
Closed as fixed if next.
Error description
When using REST APIs to retrieve process instance data, an unauthorized user who is not a member of the appropriate participant group may be able to access process instance data knowing only the process instance ID.
Local fix
n/a.
Problem summary
USERS AFFECTED: Users of REST APIs
PROBLEM DESCRIPTION: No authorization check upon entering API
RECOMMENDATION:
When using REST APIs to retrieve process instance data, an unauthorized user who is not a member of the appropriate participant group may be able to access process instance data knowing only the process instance ID.
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
JR44661
Reported component name
BPM STANDARD
Reported component ID
5725C9500
Reported release
751
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-11-06
Closed date
2012-12-19
Last modified date
2012-12-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
R750 PSY
UP
R800 PSY
UP
Line of Business
Automation
Business Unit
Cloud & Data Platform
Product
IBM Business Process Manager Standard
Platform
Platform Independent
Version
7.5.1
Document Information
Modified date:
06 October 2021