PM78775: OU NAME ERRONEOUSLY EXPOSED ON URL AS PARAMETER WHEN TRYING TO GET COGNOS REPORT

APAR status

  • Closed as program error.

Error description

  • User found the important information "OU name" is erroneously
    exposed on URL as parameter when trying to get Cognos
    report. The way to reproduce the problem:
    
        1- https://ip:9443/wbifn
        2- login with userid and password (associated with Bank1)
        3- Go to Cognos reporting
        4- Search criteria (OU name is locked based on the userid
           and pw that was provided during login time.)
        5- Then you get the report for Bank1.
        6- Copy this URL in a different browser
        7- Now you can modify the OU from the URL in order to get
           the report for another company (ex.: Bank2)
        8- Paste the modified URI in another browser, and then you
           can see the report of the other OU.
    
    User thinks it is a security breach and wants to know how to
    fix it.
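
The reproduction steps above succeed only if the server takes the OU filter from the URL instead of from the logged-in session. The following Python example is added here for illustration and is not IBM's code or the actual fix; it contrasts that pattern with a handler that binds the OU to the server-side session. The parameter name `ou`, the URLs, and the user and report tables are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: the OU each authenticated user belongs to.
SESSION_OU = {"alice": "Bank1", "bob": "Bank2"}

# Constructed sample report store, keyed by OU.
REPORTS = {"Bank1": "report for Bank1", "Bank2": "report for Bank2"}

# Hypothetical parameter name; the APAR does not give the real one.
OU_PARAM = "ou"


class Forbidden(Exception):
    """Raised when a request names an OU the caller is not bound to."""


def report_trusting_url(user, url):
    """Flawed pattern: the OU filter is read from the URL as-is.

    The authenticated user is never consulted, so editing the
    parameter is enough to select another OU's report.
    """
    params = parse_qs(urlsplit(url).query)
    return REPORTS[params[OU_PARAM][0]]


def report_bound_to_session(user, url):
    """Hardened pattern: the OU comes from the server-side session.

    A client-supplied OU is tolerated only if it is a single value
    equal to the caller's own OU; anything else is refused.
    """
    session_ou = SESSION_OU[user]
    requested = parse_qs(urlsplit(url).query).get(OU_PARAM, [])
    if len(requested) > 1 or any(v != session_ou for v in requested):
        raise Forbidden(f"{user} may not request OU {requested}")
    return REPORTS[session_ou]


if __name__ == "__main__":
    edited = "https://reports.example/run?ou=Bank2"  # constructed URL
    print(report_trusting_url("alice", edited))
    try:
        report_bound_to_session("alice", edited)
    except Forbidden as exc:
        print("refused:", exc)
```

Refused requests of this kind are also worth logging, since a mismatch between the session's OU and the requested OU is a direct signal of parameter tampering.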
    

Local fix

  • n
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: OU NAME ERRONEOUSLY EXPOSED ON URL AS   *
    *                      PARAMETER WHEN RUNNING COGNOS REPORT    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Formerly, when running a Cognos report with the option to
    display the result in a separate window, the OU name was
    erroneously exposed on the URL.
    

Problem conclusion

  • This has been corrected.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM78775

  • Reported component name

    WBI FN BASE

  • Reported component ID

    5724D9630

  • Reported release

    311

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-12-10

  • Closed date

    2012-12-28

  • Last modified date

    2012-12-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PM78989

Fix information

  • Fixed component name

    WBI FN BASE

  • Fixed component ID

    5724D9630

Applicable component levels

  • R311 PSY

       UP



Document information


More support for:

WebSphere Business Integration for Financial Networks

Software version:

311

Reference #:

PM78775

Modified date:

2012-12-28
