IT27844: POOR INPUT VALIDATION ON /AUTHORIZE CALL OF OAUTH API
A fix is available
Closed as program error.
When an OAuth API is implemented on the gateway, on the /authorize call when the error query parameter is present an error is thrown back to the TPP (which isn't in sync with the behaviour of adding other non /authorize "random" query params where they are just ignored) and the error value that comes from the query param in the request is used as the error value in the redirect
Fixed input validation on /authorize call of OAuth API.
The fix is in 2018.4.1.1
Reported component name
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels