PM74462: Authorization checking is not done on placement service operations.

A fix is available

WebSphere DataPower XC10 Appliance firmware security fixes

APAR status

Closed as program error.

Error description

No authorization checking is done on placement service
operations.

Local fix

```
n/a
```

Problem summary

****************************************************************
* USERS AFFECTED:  All customers running WebSphere eXtreme     *
*                  Scale servers in a configuration that       *
*                  uses Java Security Manager restrictions     *
*                  on administrative access to authorized      *
*                  identities.                                 *
****************************************************************
* PROBLEM DESCRIPTION: An administrative operation can be      *
*                      performed by an authenticated user      *
*                      that does not have administrative       *
*                      permissions.                            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Access to placement service operations via the startOgServer
script are not restricted to only the administrators that have
appropriate MBean permissions.

Problem conclusion

The runtime environment was corrected by adding a subroutine to
restrict access to the placement service.  Therefore, only
administrators with appropriate MBean permissions for all
targets and actions, as defined in the Java security policy
file, can perform the corresponding operations.

Temporary fix

Comments

APAR Information

APAR number
PM74462
Reported component name
WS EXTREME SCAL
Reported component ID
5724X6702
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-10-05
Closed date
2013-02-06
Last modified date
2013-02-06

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WS EXTREME SCAL
Fixed component ID
5724X6702

Applicable component levels

R711 PSY
UP
R850 PSY
UP

Rate this page:

(0 users)Average rating

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

Document information

WebSphere eXtreme Scale

Software version:
850

Reference #:
PM74462

Modified date:
2013-02-06

PM74462: Authorization checking is not done on placement service operations.

A fix is available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R711 PSY

R850 PSY

Rate this page:

Copyright and trademark information

Rate this page:

Add comments

Document information

Translate my page

Content navigation

Footer links