IBM Support

SQL Injection Problem with WebSphere Partner Gateway Console

Troubleshooting


Problem

WebSphere Partner Gateway (WPG) SQL Injection problem.

Resolving The Problem

The WebSphere Partner Gateway console has a data integrity concern that applies with both Oracle and DB2 databases. All WebSphere Partner Gateway customers are advised to apply the fix to avoid SQL injection through the WebSphere Partner Gateway console.

The WPG console server must be restarted after applying this fix.

This fix has not been built separately for WebSphere Partner Gateway v6.1.0 and WebSphere Partner Gateway v6.0, but will be available in the forthcoming Fixpack release.

Note: The fix for WPG 6.2 was refreshed on 11th June 2009 for APAR JR33176 because it was not being applied when WPG was installed on a non-default WPG Cell. Customers who have already successfully applied the fix released on April 28th and are using the default WPG Cell need not re-apply the fix.

The fix is available for download for the following WebSphere Partner Gateway releases:

Release: WebSphere Partner Gateway v6.1.1 FP1 (WPG v6.1.1 FP1 GA level ONLY)
Fix Availability Date: April 28th, 2009.
Recommended Action:
1. Download fix along with instructions to apply JR32386 fix.

Release: WebSphere Partner Gateway v6.2 (WPG v6.2 GA + WPG v6.2 iFix - JR31639 level ONLY)
Fix Availability Date: April 28th, 2009. Refreshed on 11th June 2009, added changes for APAR JR33176.
Recommended Action: Fix for WPG v6.2 needs to be applied using Update Installer.
1. Download and follow instructions on using Update Installer for WPG 6.2.
2. Revised on 10th June, 2009 to include JR33176 fix, applicable for WPG v6.2 installed on existing cell.
3. Download fix along with instructions to apply JR32607 and JR33176.

Note: Customers are requested to contact IBM support and request a special re-build when any of the criteria below applies to the WebSphere Partner Gateway installation.
  1. The WebSphere Partner Gateway release level is other than WPG v6.1.1 FP1 or WPG v6.2 + WPG v6.2 iFix (JR31639).

  2. Any other APAR fixes are already applied on the WPG v6.1.1 FP1 or WPG v6.2 + WPG v6.2 iFix (JR31639) levels.


The table below lists the fix APAR numbers corresponding to each of the WPG releases.

Release    APAR Number
WPG 600    JR32608
WPG 610    JR32609
WPG 611    JR32386
WPG 620    JR32607 (JR33176)


Document Information

Modified date: 16 June 2018

UID: swg21382117