IBM Support

PH09198: SECURITY ERRORS FOR CATEGORY 1 TRANSACTIONS: CXRE & CXCU DFHXS1111 ISSUED FOR CATEGORY 3 TRANSACTIONS

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Category 1 transactions: CXRE & CXCU are not being
    handled correctly and users may see security violation errors
      ICH408I DFHXS1111 DFHAC2003
    due to the category 1 list length being incorrectly calculated.
    As a consequence the length is short by 8 bytes and the last 2
    transactions don't get checked.  A similar problem applies to
    the Category 3 transactions as well.
    .
    The affected Category 3 transactions are CXRT and CSXM.
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All CICS Users.                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: Security errors for category 1          *
    *                      transactions CXRE and CXCU.             *
    ****************************************************************
    When starting up a CICS region with security enabled, the
    region user id will be checked to see if it has the authority
    to run all category 1 transactions. The category 1 transactions
    list is copied into XS domain anchor block, but the length of
    the transactions list is incorrectly calculated, short by 8
    bytes. As a consequence the last 2 transactions are not checked
    at start up.  This can lead to an unexpected security violation
    at runtime if CXRE or CXCU are used.
    
    The length of category 3 transactions list is also incorrectly
    calculated in XS domain anchor block.
    

Problem conclusion

  • DFHXSDM has been changed to make sure the length of category 1
    and category 3 transactions list are correctly calculated in XS
    domain anchor block.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH09198

  • Reported component name

    CICS TS Z/OS V5

  • Reported component ID

    5655Y0400

  • Reported release

    100

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-03-04

  • Closed date

    2019-05-09

  • Last modified date

    2019-06-13

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI62938 UI62939

Modules/Macros

  • DFHXSDM
    

Fix information

  • Fixed component name

    CICS TS Z/OS V5

  • Fixed component ID

    5655Y0400

Applicable component levels

  • R100 PSY UI62938

       UP19/05/11 P F905 ¢

  • R200 PSY UI62939

       UP19/05/15 P F905 ¢

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
13 June 2019