PM78775: OU NAME ERRORNOUSLY EXPOSED ON URL AS PARAMETER WHEN TRYING TO GET COGNOS REPORT

A fix is available

Download PTFs for WebSphere BI for FN for Multiplatforms v3.1.1 - MM

APAR status

Closed as program error.

Error description

User found the important informaion "OU name" is errornously
exposed on URL as parameter when trying to get cognos
report. The way to reproduce the problem:

    1- https://ip:9443/wbifn
    2- login with userid and password (associated with Bank1)
    3- Go to Cognos reporting
    4- Search criteria (OU name is locked based on the userid
       and pw that was provided during login time.)
    5- Then you get the report for Bank1.
    6- Copy this URL in a different browser
    7- Now you can modify the OU from the URL in order to get
       the report for another company (ex.: Bank2)
    8- Paste the modified URI in another browser, and then you
       can see the report of the other OU.

User think it is a security breach and want to know how to
fix it.

Local fix

```
n
```

Problem summary

****************************************************************
* USERS AFFECTED: All users                                    *
****************************************************************
* PROBLEM DESCRIPTION: OU NAME ERRONEOUSLY EXPOSED ON URL AS   *
*                      PARAMETER WHEN RUNNING COGNOS REPORT    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Formerly,  when running a Cognos report with the option to
display the result in a separate window, the OU name was
erroneously exposed on the URL.

Problem conclusion

```
This has been corrected.
```

Temporary fix

Comments

APAR Information

APAR number
PM78775
Reported component name
WBI FN BASE
Reported component ID
5724D9630
Reported release
311
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-12-10
Closed date
2012-12-28
Last modified date
2012-12-28

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WBI FN BASE
Fixed component ID
5724D9630

Applicable component levels

R311 PSY
UP

Rate this page:

(0 users)Average rating

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

Document information

WebSphere Business Integration for Financial Networks

Software version:
311

Reference #:
PM78775

Modified date:
2012-12-28

PM78775: OU NAME ERRORNOUSLY EXPOSED ON URL AS PARAMETER WHEN TRYING TO GET COGNOS REPORT

A fix is available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R311 PSY

Rate this page:

Copyright and trademark information

Rate this page:

Add comments

Document information

Translate my page

Content navigation

Footer links