PM26682: CLIENT: A security scan reveals cross site script vulnerability in Executive Viewer

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • ??Customer used IBM Rational AppScan tool to scan their EV
    environment.  This is a new / fresh / first time installation of
    the Executive Viewer.  As part of their security policy they ran
    Application vulnerability Assessment against the URL provided by
    Yelu.  Again, this is the first scan of this
    machine/environment.  ??
                                          ??The AppScan results
    indicate two high vulnerabilities (Cross Site Scripting) for the
    /aspnet_client and /evserver/createcontrol.js.  ??
    
    ??????
    

Local fix

  • N.A.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * Executive Viewer Client users                                *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See error description.                                       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to IBM Cognos Executive Viewer 9.5 Fix Pack 1        *
    ****************************************************************
    

Problem conclusion

  • Code Fix
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM26682

  • Reported component name

    TM1 EXE VIEW SE

  • Reported component ID

    5724W49ES

  • Reported release

    940

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-11-12

  • Closed date

    2012-01-05

  • Last modified date

    2012-01-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TM1 EXE VIEW SE

  • Fixed component ID

    5724W49ES

Applicable component levels

  • R950 PSN

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

Cognos TM1
Executive Viewer

Software version:

9.4

Reference #:

PM26682

Modified date:

2012-01-05

Translate my page

Machine Translation

Content navigation