Fixes are available
APAR status
Closed as duplicate of another APAR.
Error description
It was observed that one of the DataPower SOAP API calls reveals a Base64-encoded username and password in its response headers. Sensitive information can range from user information such as login credentials, social security numbers, addresses, and account numbers to how an application is configured and structured. If an application discloses any of this information publicly, it can be catastrophic to its users, developers, and the company. An attacker can use the information to social engineer the users or site administration. An attacker could also use the information to correlate it with certain available exploits to which the application's database or web server might be vulnerable.
Local fix
Problem summary
Problem conclusion
Temporary fix
Comments
This APAR is a duplicate of IT26030
APAR Information
APAR number
IT27275
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
760
Status
CLOSED DUB
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-12-11
Closed date
2019-01-08
Last modified date
2019-01-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
Document Information
Modified date:
27 September 2021