PM62623: Tools;DXL Library menu gives users without DXL run powers ability to run custom code
A fix is available
Closed as program error.
By default, custom menus are created in DOORSHOME\lib\dxl\addins\. There is a sample in there which can be run by selecting the "User;Example user function" menu. It can also be run by selecting the Tools;DXL Library menu, expanding "User defined DXL library" and then either double-clicking or "User function" or by selecting it and clicking run. If DXL security is enabled, and the DXL home and addins paths are located elsewhere, the menu entry is correctly updated, but the DXL run via the DXL Library menu option is still the local version. Furthermore, if the user doesn't have "Edit DXL" powers, they can still run the code (the local version, which has now been potentially maliciously modified) by double-clicking it in the DXL Library.
The code has been changed so that the behaviour is as expected when the appropriate DXL powers are set
This happens in versions of DOORS prior to DOORS 18.104.22.168
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels