APAR status
Closed as program error.
Error description
Environment: TEP - all supported platforms and deployment modes. Problem Description: The TEP client uses an embedded browser component named WebRenderer, which is licensed from JadeLiquid. When communicating with a web server, this component is sending the following User-Agent request header string: "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0) Gecko/20100101 Firefox/4.0" The version of Firefox referenced in the string above is no longer supported. ITM customers are now configuring their Web servers and associated proxies (e.g., firewalls) to inspect this User-Agent value to ensure that the identified User-Agent complies with their security requirements.
Local fix
See SF case TS003108762 for instructions on how to re-configure the TEP client to update the User-Agent request header string using a supported system property. Related Files and Output: /ecurep/sf/TS003/108/TS003108762/
Problem summary
TEP EMBEDDED BROWSER COMPONENT USING OUT-OF-DATE USER-AGENT The TEP client uses an embedded browser component library to communicate with web servers. This component is sending the following User-Agent string in the request header: "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0) Gecko/20100101 Firefox/4.0" The version of 'Firefox' referenced in the string above is no longer supported by Mozilla. ITM customers are now configuring their Web servers and associated proxies (e.g., firewalls) to inspect this User-Agent value to ensure that the identified User-Agent complies with their security requirements. Because the value of this User-Agent string implies an non-supported version (with possible security vulnerabilities), customer Web servers and associated proxies are disallowing successful connections between the TEP browser view and the servers managing the web content.
Problem conclusion
The User-Agent string was updated to reflect a more current level: "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/71.0" The fix for this APAR is contained in the following maintenance packages: | service pack | 6.3.0.7-TIV-ITM-SP0005
Temporary fix
Comments
APAR Information
APAR number
IJ21690
Reported component name
TEP
Reported component ID
5724C04EP
Reported release
630
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-12-17
Closed date
2020-07-30
Last modified date
2020-07-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TEP
Fixed component ID
5724C04EP
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"630","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
08 March 2023