Fixes are available
APAR status
Closed as program error.
Error description
Using the HTTP interface between the Tivoli Portal client and server, an attacker can modify the packets sent, thus changing authority/permission levels for user accounts.
Local fix
Problem summary
If the HTTP/S interface is used between the Tivoli Enterprise Portal client and the Tivoli Enterprise Portal Server, a malicious attacker can modify the packets sent, thus changing authority/permission levels for user accounts.
Problem conclusion
The APAR fix introduces additional authorization checking by the Tivoli Enterprise Portal Server before any user administration action is performed.

The fix for this APAR is contained in the following maintenance packages:

| fix pack | 6.3.0-TIV-ITM-FP0007
| provisional fix | 6.3.0-TIV-ITM-FP0006-IV77992
| provisional fix | 6.3.0-TIV-ITM-FP0005-IV77992
| provisional fix | 6.2.3-TIV-ITM-FP0005-IV77992
| provisional fix | 6.2.2-TIV-ITM-FP0009-IV77992

NOTE: The fix for IV77992 requires the patch be installed on the portal server. In addition to this, the patch needs to be installed on the systems where the tacmd CLI is installed and utilized. The CLI is installed as part of the "ue" component.
Temporary fix
Comments
APAR Information
APAR number
IV77992
Reported component name
TEP
Reported component ID
5724C04EP
Reported release
630
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-10-13
Closed date
2017-01-06
Last modified date
2017-01-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TEP
Fixed component ID
5724C04EP
Applicable component levels
R630 PSY
UP
Document Information
Modified date:
30 December 2022