APAR status
Closed as program error.
Error description
In this instance, Sterling File Gateway - the password change functionality fails to issue a new session identifier. Reusing the same session identifier after an access control change occurs can potentially allow for unintended access or session fixation issues.
Local fix
STRRTC - B2BISFG-54833 BD / BD Circumvention: None / workaround
Problem summary
Users Affected: All customers using filegateway Problem Description: mysfgjsessionID should change between an unauthenticated and authenticated session. Platforms Affected: All
Problem conclusion
Resolution Summary: A code fix is provided. The issue has been fixed. Now the sessionid should change after authentication. Delivered in: 6000304 6010002
Temporary fix
Comments
APAR Information
APAR number
IT35212
Reported component name
STR B2B INTEGRA
Reported component ID
5725D0600
Reported release
603
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-12-09
Closed date
2021-02-23
Last modified date
2021-03-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR B2B INTEGRA
Fixed component ID
5725D0600
Applicable component levels
[{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"603"}]
Document Information
Modified date:
16 March 2021