PM38335: DFT Improper Access Control security vulnerability found in RAM server

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • DFT Improper Access Control security vulnerability found in RAM
    server
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    From the user's preferences page it is possible to modify
    any user's preferences by changing the UID parameter.  Only
    the administrator should be able to modify another user's
    preferences.
    

Problem conclusion

  • Now only the repository administrator has the ability to
    change the preferences of other users. This is now fixed in
    RAM v7.5.1.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM38335

  • Reported component name

    RATL ASSET MGR

  • Reported component ID

    5724R4200

  • Reported release

    750

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-05-03

  • Closed date

    2011-11-05

  • Last modified date

    2011-11-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    RATL ASSET MGR

  • Fixed component ID

    5724R4200

Applicable component levels

  • R750 PSN

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

Rational Asset Manager

Software version:

7.5

Reference #:

PM38335

Modified date:

2011-11-05

Translate my page

Machine Translation

Content navigation