IBM Support

OA38586: Secure Engineering Framework (SEF) remediation

A fix is available


 

APAR status

  • Closed as program error.

Error description

  • Remediation of IBM Security Engineering Framework (SEF) scan
    results
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All Tivoli Event Pump for z/OS users.        *
    ****************************************************************
    * PROBLEM DESCRIPTION: This APAR enhances Tivoli Event Pump    *
    *                      for z/OS product in accordance with IBM *
    *                      Secure Engineering Framework (SEF)      *
    *                      standards. It also contains a fix for   *
    *                      S0C4 ABEND that could occur in internal *
    *                      codepage conversion routines.           *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF.                               *
    ****************************************************************
    Tivoli Event Pump for z/OS logs user-related information
    (userid and password) to the AOPSCLOG (AOPLOG) data set if the
    options VALIDATE_SOAP_USERS and LOG_REQUESTS are set to YES.
    Tivoli Event Pump for z/OS generates RACF PassTickets for the
    user ID that the Tivoli Event Pump for z/OS address space uses
    to communicate with another instance of the application. Other
    instances of Tivoli Event Pump for z/OS in the SYSPLEX
    environment use this information to check user credentials and
    perform the requested action. Although PassTickets have a
    certain period of validity, they can be used to execute
    third-party actions on a particular Tivoli Event Pump for z/OS
    environment. There are also several minor security
    vulnerabilities in the Tivoli Event Pump for z/OS product, but
    they could not affect users or systems running the product.
    
    The ABEND S0C4 could occur in Source Collector component for
    Tivoli Event Pump for z/OS:
    
      SYSTEM COMPLETION CODE=0C4  REASON CODE=00000010
       TIME=14.11.43  SEQ=00165  CPU=0000  ASID=0046
       PSW AT TIME OF ERROR  078D2000   8440D438  ILC 4  INTC 10
         NO ACTIVE MODULE FOUND
         NAME=UNKNOWN
         DATA AT PSW  0440D432 - A5A44780  C07ABF3F  10004770
         AR/GR 0: 8D3AC47A/00000066   1: 00000000/7465643C
               2: 00000000/0F107D77   3: 00000000/7465643C
               4: 00000000/0F107E8B   5: 00000000/00000000
               6: 00000000/0EB23BAF   7: 00000000/8440D4F4
               8: 00000000/00000114   9: 00000000/0EB23BB4
               A: 00000000/0EB23AB0   B: 00000000/8440D426
               C: 00000000/8440D3D0   D: 00000000/0440E3C8
               E: 00000000/8440E89E   F: 01000002/00000031
    
    This ABEND occurs only for external (outside z/OS SYSPLEX) SOAP
    requests when ASCII to EBCDIC conversion is needed. Since the
    Tivoli Event Pump for z/OS SOAP server is not involved in any
    heterogeneous interchange, the probability of this event is
    considerably low.
    

Problem conclusion

  • Tivoli Event Pump for z/OS replaces the user related information
    (userid and password) with asterisk (*) symbols in AOPSCLOG
    (AOPLOG) data set.
    
    All minor security vulnerabilities as well as the 0C4 ABEND in
    the conversion routines were fixed.
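
The kind of masking described above, shown as an added example that is not IBM's code and not part of the original APAR text: a request is scrubbed before it reaches the log, and anything that cannot be parsed is suppressed rather than logged. The element names (WS-Security style Username/Password), the HTTP Basic header case, the function names and the sample request are assumptions, since the APAR does not describe the request or log format.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: credentials travel in elements with these local names
# (WS-Security UsernameToken style). Adjust to the real request schema.
SENSITIVE_TAGS = {"username", "password"}
BASIC_AUTH = re.compile(r"(?im)^(authorization:\s*basic\s+)\S+")
MASK = "********"  # fixed width, so the log does not reveal the secret's length

def _local(tag):
    """Strip '{namespace}' so matching works whatever prefix the client used."""
    return tag.rsplit("}", 1)[-1].lower()

def redact_soap(envelope: str) -> str:
    """Return a copy of the SOAP envelope that is safe to write to a request log."""
    if "<!doctype" in envelope.lower():
        # SOAP messages must not carry a DTD; do not parse or log such a body.
        return "<request body with DOCTYPE suppressed, %d bytes>" % len(envelope)
    try:
        root = ET.fromstring(envelope)
    except ET.ParseError:
        # Fail closed: an unparseable body may still contain a password.
        return "<unparseable request body suppressed, %d bytes>" % len(envelope)
    for elem in root.iter():
        if _local(elem.tag) in SENSITIVE_TAGS and elem.text:
            elem.text = MASK
    return ET.tostring(root, encoding="unicode")

def redact_headers(raw_headers: str) -> str:
    """Mask the credential part of an HTTP Basic Authorization header."""
    return BASIC_AUTH.sub(lambda m: m.group(1) + MASK, raw_headers)

# Constructed sample request (not taken from any real log).
SAMPLE = (
    '<soapenv:Envelope '
    'xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/'
    'oasis-200401-wss-wssecurity-secext-1.0.xsd">'
    '<soapenv:Header><wsse:Security><wsse:UsernameToken>'
    '<wsse:Username>OPER01</wsse:Username>'
    '<wsse:Password>s3cretpw</wsse:Password>'
    '</wsse:UsernameToken></wsse:Security></soapenv:Header>'
    '<soapenv:Body><action>refresh</action></soapenv:Body>'
    '</soapenv:Envelope>'
)

if __name__ == "__main__":
    print(redact_soap(SAMPLE))
```

Masking at write time does not clean entries logged before the fix was applied; passwords that already appear in retained log data remain exposed until that data is purged or the passwords are changed.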
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA38586

  • Reported component name

    EVENT PUMP FOR

  • Reported component ID

    5698B3400

  • Reported release

    422

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-01-25

  • Closed date

    2012-02-15

  • Last modified date

    2012-04-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA64199

Modules/Macros

  • GTMIPCRH GTMRXA2E GTMRXE2A GTMSENDR GTMSENDX
    GTMSOAP
    

Fix information

  • Fixed component name

    EVENT PUMP FOR

  • Fixed component ID

    5698B3400

Applicable component levels

  • R422 PSY UA64199

       UP12/03/03 P F203

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information

Modified date:
03 April 2012