This page shows the interim fixes for IBM Unica Marketing Operations.
Product: IBM Marketing Operations
Version: 220.127.116.11 IF02 GA Release
Date: April 13, 2015
List of Fixes:
(APAR PO03923, Defect 171998)
Users were able to manipulate the file names in the Marketing Operations URL and access system files on
the server. This is a path traversal security vulnerability. This issue is fixed.
(APAR PO02715, Defect 156840)
Users were able to upload potentially malicious files within Marketing Operations. This issue is
Cross-site scripting vulnerabilities were found in an AppScan scan of Marketing Operations.
Scenarios vulnerable to cross-site scripting mentioned in the defect are fixed.
Base Product Version Dependency:
This fix pack requires IBM Marketing Operations 18.104.22.168.0 or 22.214.171.124.1
Other Product Version Dependencies:
IBM EMM Marketing Operations requires all IBM Products version 126.96.36.199.
IBM recommends that fix pack version of all Products be at the same level.
- IBM Marketing Operations base version 188.8.131.52 is up and running.
- Ensure that all users are logged out.
- IBM Marketing Platform 184.108.40.206 must be installed in 220.127.116.11 installation directory.
- Stop the IBM Marketing Operations application and all applications that are deployed with it (i.e. all applications that are deployed in the same unica.ear file). Also, stop all other EMM components, if any.
- Undeploy the plan.war application from the application server.
- IMPORTANT: Stop the application server and clean the application server cache.
- IMPORTANT: Make a backup of the Marketing Operations database and Marketing Operations install directory.
- Copy the UMO_file_Upload_Configuration.xml file to your <Platform_Home>/conf.
- Open a command prompt/shell and go to <Platform_Home>/tools/bin.
- Run the following command.
configTool -i -p "Affinium|Plan|umoConfiguration" -f ..\..\conf\UMO_file_Upload_Configuration.xml
- Restart IBM Marketing Platform Server.
- Deploy the plan.war shipped as part of this interim fix on the application server.
- Start the IBM Marketing Operations Application and all applications that are deployed with it (i.e. all applications that are deployed in the same unica.ear file). Also start all other EMM components, if any.
- Restart the Application Server.
To enable the file upload validation fix (Defect 156840), set the configuration parameter below in IBM EMM Marketing Platform to true.
Files included in this Interim fix
IBM Marketing Operations: