IBM Support

PM82871: AppScan Enterprise Quick Scan users can add certain settings but cannot delete them

 

APAR status

  • Closed as program error.

Error description

  • In IBM Security AppScan Enterprise, a Quick Scan user who is allowed
    to modify the advanced configuration in certain templates can add
    settings such as a load-balancing server but cannot delete them.
    
    Here are some examples:
    - Exclude Paths and Files > Overall Exceptions: a Quick Scan user
    can add new overall URL exceptions but cannot remove them.
    - Parameters and Cookies > Normalization Rules: a Quick Scan user
    can add new normalization rules but cannot delete them.
    - Parameters and Cookies: a Quick Scan user can modify the
    existing parameter and cookie values by double-clicking the
    hyperlink but cannot add or delete parameters and cookies.
    - A Quick Scan user cannot delete a URL from the login sequence.
    - What to Scan > Additional Server and Domains: a Quick Scan user
    can double-click an existing domain and make changes but cannot
    add a new domain or delete an existing domain.
    - What to Scan > Additional Server and Domains: after
    double-clicking an existing domain, in the load-balancing servers,
    a Quick Scan user can add a new load-balancing server but cannot
    delete any.
    - Explore Options > Parser Setting: a Quick Scan user can add
    patterns but cannot delete them.
    - Automatic Form Fill: a Quick Scan user can disable and enable
    automatic form fill but cannot add, delete, or modify any of the
    form fill values.
    - General Scan Options > Custom Error Pages: a Quick Scan user
    cannot add, delete, or modify any custom error pages.
    

Local fix

Problem summary

  • USERS AFFECTED:
    PROBLEM DESCRIPTION:
    RECOMMENDATION:
    We have documented in the technical note the details on what
    a Quick Scan user can do with respect to scan configuration,
    and included the limitation descriptions:
    http://www-01.ibm.com/support/docview.wss?uid=swg21639367
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PM82871

  • Reported component name

    SEC APPSCAN ENT

  • Reported component ID

    5724T5200

  • Reported release

    860

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-02-15

  • Closed date

    2013-06-17

  • Last modified date

    2013-06-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SEC APPSCAN ENT

  • Fixed component ID

    5724T5200

Applicable component levels

  • R860 PSN

       UP


Document Information

Modified date:
08 September 2020