IBM Support

Cross-Site Request Forgery vulnerability identified with Jazz for Service Management (JazzSM) v1.1.3

Troubleshooting


Problem

Cross-Site Request Forgery vulnerability identified with Jazz for Service Management (JazzSM) v1.1.3.

Impacted URLs:
https://:/ibm/console/contentRender.do
https://:/ibm/console/login.do
https://:/ibm/console/navigation.do
https://:/ibm/console/pa.do
https://:/ibm/console/xLaunch.do

Environment

Apply the fix on JazzSM 1.1.3 / DASH 3.1.3 at the Cumulative Patch-4 level.

Resolving The Problem

Follow the steps below to replace isclite.jar:

1. Stop the Jazz for Service Management (JazzSM) profile.
   Example: <JazzSM_HOME>/profile/bin/stopServer.sh server1
2. Move the following file to a safe location:
   <JazzSM_HOME>/profile/installedApps/JazzSMNode01Cell/isc.ear/isclite.jar
3. Download the attached isclite.jar file and copy it to the following path:
   <JazzSM_HOME>/profile/installedApps/JazzSMNode01Cell/isc.ear/
4. Start the JazzSM profile.
   Example: <JazzSM_HOME>/profile/bin/startServer.sh server1
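The four steps above can be scripted so that the original jar is always preserved and the swap leaves an audit record. The following is an added example, not a script supplied by IBM; the function name `replace_isclite`, its arguments, and the use of `sha256sum` are assumptions.

```sh
#!/bin/sh
# Added example (not IBM's script): steps 1-4 above as one function, with a
# timestamped backup, a rollback if the copy fails, and a SHA-256 record.
# Assumed names: replace_isclite, its argument order, backup_dir; sha256sum
# is assumed to be installed (GNU coreutils).
replace_isclite() {
    jazzsm_home=$1        # value of <JazzSM_HOME>
    new_jar=$2            # isclite.jar downloaded from the support document
    backup_dir=$3         # the "safe location" for the original jar
    server=${4:-server1}  # server name used in the page's examples

    ear_dir="$jazzsm_home/profile/installedApps/JazzSMNode01Cell/isc.ear"
    bin_dir="$jazzsm_home/profile/bin"
    live_jar="$ear_dir/isclite.jar"

    # Pre-flight checks, done before the server is touched.
    [ -f "$live_jar" ] || { echo "not found: $live_jar" >&2; return 1; }
    [ -s "$new_jar" ] || { echo "missing or empty: $new_jar" >&2; return 1; }
    case "$backup_dir/" in
        "$ear_dir"/*) echo "backup dir must be outside isc.ear" >&2; return 1 ;;
    esac
    mkdir -p "$backup_dir" || return 1

    # Step 1: stop the JazzSM profile.
    "$bin_dir/stopServer.sh" "$server" || return 1

    # Step 2: move the original jar to the safe location.
    backup="$backup_dir/isclite.jar.$(date +%Y%m%d%H%M%S)"
    mv "$live_jar" "$backup" || return 1

    # Step 3: copy the new jar in; put the original back if that fails.
    if ! cp "$new_jar" "$live_jar"; then
        mv "$backup" "$live_jar"
        "$bin_dir/startServer.sh" "$server"
        return 1
    fi
    # Record what was removed and what was installed, for later audit.
    sha256sum "$backup" "$live_jar" > "$backup.sha256" || return 1

    # Step 4: start the JazzSM profile.
    "$bin_dir/startServer.sh" "$server"
}
```

Run it as the account that owns the JazzSM profile so the new jar has the same ownership as the rest of isc.ear.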

Product: Tivoli Components (Cloud & Data Platform). Component: Jazz for Service Management. Platforms: AIX, Linux, Windows. Version: 1.1.3.

Document Information

Modified date:
17 June 2018

UID

swg22010893