IBM Support

IT35212: THE APPLICATION FAILED TO INVALIDATE THE SESSION IDENTIFIER WHENAN ACCESS CONTROL CHANGE OCCURS

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • In this instance, Sterling File Gateway - the password change
functionality fails
to issue a new session identifier. Reusing the same session
identifier after an access control change occurs can
potentially allow for unintended access or session fixation
issues.

Local fix

  • STRRTC - B2BISFG-54833
BD / BD
Circumvention: None /
workaround

Problem summary

  • Users Affected:

All customers using filegateway

Problem Description:

mysfgjsessionID should change between an unauthenticated and
authenticated session.



Platforms Affected:

All

Problem conclusion

  • Resolution Summary:

A code fix is provided.

The issue has been fixed. Now the sessionid should change after
authentication.





Delivered in:

6000304
6010002

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT35212
    • 

  • Reported component name
    STR B2B INTEGRA
    • 

  • Reported component ID
    5725D0600
    • 

  • Reported release
    603
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-12-09
    • 

  • Closed date
    2021-02-23
    • 

  • Last modified date
    2021-03-15
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    STR B2B INTEGRA
    • 

  • Fixed component ID
    5725D0600
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"603"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            16 March 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback