IBM Support

IV97281: MALICIOUS FILE UPLOADS POSSIBLE BY BYPASSING JAVASCRIPT VALIDATION AFTER PROPERTIES ARE SET TO RESTRICT EXE FILE

Direct links to fixes

3.5.2-TIV-TAP-FP003-WIN
3.5.2-TIV-TAP-FP003-README
3.5.2-TIV-TAP-FP003-LIN
3.5.2-TIV-TAP-FP003-AIX

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as fixed if next.

Error description

  • Malicious file uploads possible by bypassing Javascript
validation even after the appropriate properties are set to
restrict exe files

Local fix

  • 



Problem summary


    

  • Need to resolve an issue were malicious files can be uploaded
via Document Upload bypassing the client side validation.

    



Problem conclusion


    

  • Resolved an issue were malicious files can be uploaded via
Document Upload bypassing the client side validation.
This is targeted to the 1h2017 Release as well as the 3.5.2.3
fix pack.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV97281
    • 

  • Reported component name
    TRI APP PLTFM R
    • 

  • Reported component ID
    5725F26RE
    • 

  • Reported release
    352
    • 

  • Status
    CLOSED  FIN
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2017-06-16
    • 

  • Closed date
    2017-06-26
    • 

  • Last modified date
    2017-06-26
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • 999

    



Fix information


    



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHEB3","label":"IBM TRIRIGA Application Platform"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"352","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            30 March 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback