IBM Support

JR48804: USER CREDENTIALS FOR SAP SERVER LOGIN DO NOT USE STRONG ENOUGH ENCRYPTION TO FULLY SECURE USERS' LOGIN INFORMATION

Fixes are available

Version 8.5 Refresh Pack 5 for the IBM Business Process Manager products
Download Version 8.0.1 Fix Pack 3 for the IBM Business Process Manager products
Version 8.5.0 Fix Pack 2 for the IBM Business Process Manager products

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as fixed if next.

Error description

  • In IBM Process Center, you can import a blueprint project from
SAP Solution Manager. To communicate with SAP Solution Manager,
a SAP user and password are required, which were stored in
cookies and, therefore, without encryption that is strong enough
to  fully secure the login information.

PRODUCTS AFFECTED
IBM Business Process Manager (BPM) Advanced
IBM BPM Standard
IBM BPM Express

Local fix

  • 



Problem summary


    

  • No additional information is available.

    



Problem conclusion


    

  • A fix will be incorporated into a later release that

-Stops sending SAP Solution Manager connection information in
cookies
-Makes the SAP Solution Manager connection information specific
to IBM BPM, meaning that the SAP Solution Manager connection
information is stored in IBM BPM and IBM BPM records the IBM BPM
user who saves the connection information. When an IBM BPM user
wants to use the SAP Solution Manager connection information
that is saved in IBM BPM to connect to SAP Solution Manager,
only the connection information that he or she saved is
available for him or her.
-Encrypts the SAP Solution Manager connection information in the
database and in information that sends from the server side to
the client side, meaning that the SAP Solution Manager
connection information is stored in the IBM BPM database in an
encrypted way. When IBM BPM sends the connection information
from the IBM BPM server side to the IBM BPM client side, IBM BPM
encrypts the information before it sends the information out.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR48804
    • 

  • Reported component name
    BPM STANDARD
    • 

  • Reported component ID
    5725C9500
    • 

  • Reported release
    801
    • 

  • Status
    CLOSED  FIN
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2013-12-12
    • 

  • Closed date
    2015-03-01
    • 

  • Last modified date
    2015-03-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    



Applicable component levels


    

  • R801  PSY
       UP
    • 

  • R850  PSY
       UP
    • 

  • R855  PSY
       UP
    • 

  • R856  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0.1","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            12 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback