APAR status
Closed as program error.
Error description
In IBM Security AppScan Enterprise, a quick user who is allowed to modify the advanced configuration in certain template can add settings like load-balancing server but not to delete it. Here are some examples : - Exclude Paths and File ? Overall Exceptions: Quick Scan user can add new overall URL exception but not to remove them. - Parameter and Cookies ? Normalization Rules: Quick Scan user can add new normalization rules but not to delete them. - Parameter and cookies , Quick Scan user can modify the existing parameters and cookies values by double clicking the hyperlink but user cannot add or delete the parameters and cookies. - cannot delete URL from login sequence - what to scan ? additional server and domains , Quick Scan user can double click the existing domain and make changes but cannot add new domain or delete existing domain - what to scan ? additional server and domains, double click existing domain, in the load-balancing servers, Quick Scan user can add new load-balancing server but cannot delete any. - explore options ? parser setting, QS can add patterns but not delete - Automatic form fill , QS user can disable and enable Auto form fill but cannot add/delete/modify any of the form fill value. - General Scan Options ? Custom error pages, QS user cannot add/delete/modify any custom error pages.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: * **************************************************************** We have documented in the technical note the details on what Quick Scan user can do with respect to scan configuration, and included the limitation descriptions: http://www-01.ibm.com/support/docview.wss?uid=swg21639367
Problem conclusion
We have documented in the technical note the details on what Quick Scan user can do with respect to scan configuration, and included the limitation descriptions: http://www-01.ibm.com/support/docview.wss?uid=swg21639367
Temporary fix
Comments
APAR Information
APAR number
PM82871
Reported component name
SEC APPSCAN ENT
Reported component ID
5724T5200
Reported release
860
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-02-15
Closed date
2013-06-17
Last modified date
2013-06-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SEC APPSCAN ENT
Fixed component ID
5724T5200
Applicable component levels
R860 PSN
UP
[{"Business Unit":{"code":null,"label":null},"Product":{"code":"SUPPORT","label":"IBM Worldwide Support"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.6","Edition":"","Line of Business":{"code":null,"label":null}}]
Document Information
Modified date:
08 September 2020