IBM Support

PH01328: CODE INJECTION VULNERABILITY IN CA 11.0.11

APAR status

  • Closed as fixed if next.

Error description

  • An alert box will open showing "DOH", which proves that the JS
    code embedded in the name was executed. This indicates a CSRF in
    the "select tenant" page.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All Users                                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Error Description                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to IBM Cognos Analytics 11.0.13.0                    *
    ****************************************************************
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PH01328

  • Reported component name

    COG WRKSPC

  • Reported component ID

    5724W12BI

  • Reported release

    B09

  • Status

    CLOSED FIN

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-08-03

  • Closed date

    2018-11-02

  • Last modified date

    2018-11-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels



Document information

More support for: Cognos Business Intelligence
Cognos Workspace

Software version: B09

Reference #: PH01328

Modified date: 02 November 2018

