IBM Unica Marketing Operations 8.5.0 Interim Fixes

Downloadable files


Abstract

This page shows the interim fixes for IBM Unica Marketing Operations.

Download Description

Product: IBM Marketing Operations
Version: 8.5.0.7 IF02 GA Release
Date: April 13, 2015

List of Fixes:


(APAR PO03923, Defect 171998)
Users able to manipulate the file names in the Marketing Operations url and access system files on
the server. This is a path traversal security vulnerability. This issue is fixed.

(APAR PO02715, Defect 156840)
Users were able to upload potentially malicious files within Marketing Operations. This issue is
fixed.

(Defect 173542)
Cross-site scripting vulnerabilities found in appscan of Marketing Operations.
Scenarios vulnerable to cross Site scripting mentioned in the defect are fixed.

Prerequisites


Base Product Version Dependency:
This fix pack requires IBM Marketing Operations 8.5.0.7.0 or 8.5.0.7.1


Other Product Version Dependencies:
IBM EMM Marketing Operations requires all IBM Products version 8.5.0.7.
IBM recommends that fix pack version of all Products be at the same level.

Installation Instructions

  1. IBM Marketing Operations base version 8.5.0.7 is up and running.
  2. Ensure that all users are logged out.
  3. IBM Marketing Platform 8.5.0.7 must be installed in 8.5.0.7 installation directory.
  4. Stop the IBM Marketing Operations application and all applications that are deployed with it (i.e. all applications that are deployed in the same unica.ear file). Also, stop all other EMM components, if any.
  5. Undeploy the plan.war application from the application server.
  6. IMPORTANT: Stop the application server and clean the application server cache.
  7. IMPORTANT: Make a backup of the Marketing Operations database and Marketing Operations install directory.


Installation Instructions
  1. Copy the UMO_file_Upload_Configuration.xml file to your <Platform_Home>/conf.
  2. Open Command promt/Shell and go to <Platform_Home>/tools/bin.
  3. Run below command.
    configTool -i -p "Affinium|Plan|umoConfiguration" -f ..\..\conf\UMO_file_Upload_Configuration.xml
  4. Restart IBM Marketing Platform Server.
  5. Deploy the plan.war shipped as part of this interim fix on application server.
  6. Start the IBM Marketing Operations Application and all applications that are deployed with it (i.e. all applications that are deployed in the same unica.ear file). Also start all other EMM components, if any.
  7. Restart the Application Server.

Configuration Changes

To enable file upload validation (Defect 156840) fix, set the below configuration parameter in IBM EMM Marketing Platform to true.

Affinium|Plan|umoConfiguration|fileUpload|validateFileUpload

Download package

Files included in this Interim fix

IBM Marketing Operations:
1. plan.war
2. UMO_file_Upload_Configuration.xml


Document information


More support for:

IBM Marketing Operations

Software version:

8.5

Operating system(s):

AIX, Linux, Solaris, Windows

Reference #:

4034703

Modified date:

2015-04-19

Translate my page

Content navigation