IBM Support

IT27844: POOR INPUT VALIDATION ON /AUTHORIZE CALL OF OAUTH API


APAR status

  • Closed as program error.

Error description

  • When an OAuth API is implemented on the gateway and the error
    query parameter is present on the /authorize call, an error is
    thrown back to the TPP. This is inconsistent with the handling
    of other "random" query parameters that are not defined for
    /authorize, which are simply ignored. In addition, the error
    value taken from the query parameter in the request is used as
    the error value in the redirect.
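
    The handling described above, next to a stricter form, as an added example (not IBM or DataPower code). The function names, URLs and the hardened approach are assumptions; the parameter and error-code sets are taken from RFC 6749.

```javascript
// Added illustration, not DataPower code. All function names are hypothetical.
// Parameters defined for the authorization request (RFC 6749, section 4.1.1).
const AUTHORIZE_PARAMS = new Set(['response_type', 'client_id', 'redirect_uri', 'scope', 'state']);
// Error codes an authorization endpoint may return (RFC 6749, section 4.1.2.1).
const AUTHORIZE_ERRORS = new Set(['invalid_request', 'unauthorized_client', 'access_denied',
  'unsupported_response_type', 'invalid_scope', 'server_error', 'temporarily_unavailable']);

// Build the redirect back to the client's registered redirect URI.
function redirectTo(registeredRedirect, params) {
  const u = new URL(registeredRedirect);
  for (const [k, v] of Object.entries(params)) if (v != null) u.searchParams.set(k, v);
  return u.toString();
}

// Error values come only from the server's own decisions and only from the fixed set.
function serverError(code) {
  return AUTHORIZE_ERRORS.has(code) ? code : 'server_error';
}

// Normal processing, reduced to the response_type check for this example.
function processAuthorize(q, registeredRedirect) {
  const state = q.get('state');
  const rt = q.get('response_type');
  if (rt !== 'code') {
    const error = serverError(rt ? 'unsupported_response_type' : 'invalid_request');
    return redirectTo(registeredRedirect, { error, state });
  }
  return redirectTo(registeredRedirect, { code: 'CONSTRUCTED_CODE', state });
}

// Behaviour described in the APAR: a request-supplied "error" parameter forces an
// error response, and its value is copied into the redirect unchanged.
function authorizeBefore(requestUrl, registeredRedirect) {
  const q = new URL(requestUrl).searchParams;
  if (q.has('error')) {
    return redirectTo(registeredRedirect, { error: q.get('error'), state: q.get('state') });
  }
  return processAuthorize(q, registeredRedirect);
}

// Hardened form (assumed): keep only defined parameters, so "error" is ignored
// like any other undefined query parameter.
function authorizeAfter(requestUrl, registeredRedirect) {
  const q = new URL(requestUrl).searchParams;
  const defined = new URLSearchParams();
  for (const [k, v] of q) if (AUTHORIZE_PARAMS.has(k) && !defined.has(k)) defined.set(k, v);
  return processAuthorize(defined, registeredRedirect);
}

// Constructed sample request and registered redirect URI.
const SAMPLE = 'https://gateway.example/oauth2/authorize?response_type=code&client_id=c1&state=s1&error=constructed_value';
const REDIRECT = 'https://client.example/cb';
```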
    

Local fix

  • N/A
    

Problem summary

  • Fixed input validation on /authorize call of OAuth API.
    

Problem conclusion

  • The fix is in 2018.4.1.1
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT27844

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    770

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-01-22

  • Closed date

    2019-01-22

  • Last modified date

    2019-01-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R18X PSY

       UP

  • R770 PSY

       UP



Document information

More support for: IBM DataPower Gateways
General

Software version: 770

Reference #: IT27844

Modified date: 22 January 2019