IBM Support

IT14936: A VULNERABILITY IN CROSS-SITE REQUEST FORGERY


APAR status

  • Closed as program error.

Error description

  • Vulnerability fix related to Cross Site Request Forgery (CSRF)
    and Ability To Bypass Business Logic
    

Local fix

  • N/A
    

Problem summary

  • DataPower WebGUI 7.2 and above users.
    Security improvements for the WebGUI to prevent cross-site
    scripting and CSRF attacks, as well as to prevent unauthorized
    login attempts, password changes and the display of passwords
    in plaintext.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IT14936

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-05-03

  • Closed date

    2016-06-07

  • Last modified date

    2016-09-20

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • 0
    

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R750 PSY

       UP



Document information

More support for: IBM DataPower Gateways
General

Software version: 6.0.0

Reference #: IT14936

Modified date: 20 September 2016