APAR status
Closed as program error.
Error description
DFT Improper Access Control security vulnerability found in RAM server
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: * **************************************************************** From the user's preferences page it is possible to modify any user's preferences by changing the UID parameter. Only the administrator should be able to modify another user's preferences.
Problem conclusion
Now only the repository administrator has the ability to change the preferences of other users. This is now fixed in RAM v7.5.1.
Temporary fix
Comments
APAR Information
APAR number
PM38335
Reported component name
RATL ASSET MGR
Reported component ID
5724R4200
Reported release
750
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-05-03
Closed date
2011-11-05
Last modified date
2011-11-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
RATL ASSET MGR
Fixed component ID
5724R4200
Applicable component levels
R750 PSN
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSUS84","label":"Rational Asset Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
05 November 2011