OA38586: Secure Engineering Framework (SEF) remediation


A fix is available

APAR status

  • Closed as program error.

Error description

  • Remediation of IBM Security Engineering Framework (SEF) scan
    results
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All Tivoli Event Pump for z/OS users.        *
    ****************************************************************
    * PROBLEM DESCRIPTION: This APAR enhances Tivoli Event Pump    *
    *                      for z/OS product in accordance with IBM *
    *                      Secure Engineering Framework (SEF)      *
    *                      standards. It also contains a fix for   *
    *                      S0C4 ABEND that could occur in internal *
    *                      codepage conversion routines.           *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF.                               *
    ****************************************************************
    Tivoli Event Pump for z/OS logs user-related information
    (userid and password) to the AOPSCLOG (AOPLOG) data set if the
    options VALIDATE_SOAP_USERS and LOG_REQUESTS are set to YES.
    Tivoli Event Pump for z/OS generates RACF PassTickets for the
    user ID that the Tivoli Event Pump for z/OS address space uses
    to communicate with another instance of the application. Other
    instances of Tivoli Event Pump for z/OS in the SYSPLEX
    environment use this information to check user credentials and
    perform the requested action. Even if PassTickets have a certain
    period of validity, they can be used to execute third-party
    actions on a particular Tivoli Event Pump for z/OS environment.
    There are also several minor security vulnerabilities in the
    Tivoli Event Pump for z/OS product, but they could not affect
    users or systems running the product.
    
    The ABEND S0C4 could occur in Source Collector component for
    Tivoli Event Pump for z/OS:
    
      SYSTEM COMPLETION CODE=0C4  REASON CODE=00000010
       TIME=14.11.43  SEQ=00165  CPU=0000  ASID=0046
       PSW AT TIME OF ERROR  078D2000   8440D438  ILC 4  INTC 10
         NO ACTIVE MODULE FOUND
         NAME=UNKNOWN
         DATA AT PSW  0440D432 - A5A44780  C07ABF3F  10004770
         AR/GR 0: 8D3AC47A/00000066   1: 00000000/7465643C
               2: 00000000/0F107D77   3: 00000000/7465643C
               4: 00000000/0F107E8B   5: 00000000/00000000
               6: 00000000/0EB23BAF   7: 00000000/8440D4F4
               8: 00000000/00000114   9: 00000000/0EB23BB4
               A: 00000000/0EB23AB0   B: 00000000/8440D426
               C: 00000000/8440D3D0   D: 00000000/0440E3C8
               E: 00000000/8440E89E   F: 01000002/00000031
    
    This ABEND occurs only for external (outside z/OS SYSPLEX) SOAP
    requests when ASCII to EBCDIC conversion is needed. Because the
    Tivoli Event Pump for z/OS SOAP server is not involved in any
    heterogeneous interchange, the probability of this event is
    considerably low.
    

Problem conclusion

  • Tivoli Event Pump for z/OS replaces the user-related information
    (userid and password) with asterisk (*) symbols in the AOPSCLOG
    (AOPLOG) data set.
    
    All minor security vulnerabilities, as well as the 0C4 ABEND in
    the conversion routines, were fixed.
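
The masking behaviour described above, sketched as an added Python example; this is not code from Tivoli Event Pump for z/OS or from IBM. The element names, the fixed-length mask and the sample request are assumptions made for illustration, because the page does not give the SOAP schema or the log format.

```python
import xml.etree.ElementTree as ET

# Assumption: element/attribute names that carry credentials. The page does not
# give the SOAP schema, so these names are hypothetical.
SENSITIVE = {"userid", "username", "password"}
MASK = "********"  # fixed length, so the log does not reveal credential length

SAMPLE_REQUEST = (  # constructed request, not captured from the product
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    "<soap:Body><Request><UserID>OPER1</UserID><Password>s3cret</Password>"
    "<Action>STATUS</Action></Request></soap:Body></soap:Envelope>"
)


def _local(name):
    """Lower-cased name without the '{namespace}' prefix ElementTree adds."""
    return name.rsplit("}", 1)[-1].lower()


def redact_request(raw):
    """Return a form of a SOAP request that is safe to write to a request log."""
    placeholder = "[request not logged: %d characters, not parseable]" % len(raw)
    # SOAP forbids a DTD, and refusing one keeps entity tricks away from the parser.
    if "<!DOCTYPE" in raw:
        return placeholder
    try:
        root = ET.fromstring(raw)
    except (ET.ParseError, ValueError):
        # Fail closed: a malformed request may still contain a password.
        return placeholder
    for elem in list(root.iter()):
        if _local(elem.tag) in SENSITIVE:
            elem.text = MASK
            for child in list(elem):  # nested content is dropped as well
                elem.remove(child)
        for attr in list(elem.attrib):
            if _local(attr) in SENSITIVE:
                elem.set(attr, MASK)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(redact_request(SAMPLE_REQUEST))
    print(redact_request("<Request><Password>s3cret"))
```

Requests that cannot be parsed are replaced by a placeholder rather than logged verbatim, so a truncated or malformed request cannot carry a password into the log.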
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA38586

  • Reported component name

    EVENT PUMP FOR

  • Reported component ID

    5698B3400

  • Reported release

    422

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-01-25

  • Closed date

    2012-02-15

  • Last modified date

    2012-04-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • GTMIPCRH GTMRXA2E GTMRXE2A GTMSENDR GTMSENDX
    GTMSOAP
    

Fix information

  • Fixed component name

    EVENT PUMP FOR

  • Fixed component ID

    5698B3400

Applicable component levels

  • R422 PSY UA64199

       UP12/03/03 P F203

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.


Document information

Tivoli Event Pump for z/OS


Software version:
422


Reference #:
OA38586


Modified date:
2012-04-03
