IBM Support

JR56946: INFORMATION SERVER CONTAINS A PATH-RELATIVE STYLESHEET IMPORT VULNERABILITY

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Information Server contains a Path-relative stylesheet import
    vulnerability
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    Users of Information Server.
    ****************************************************************
    PROBLEM DESCRIPTION:
    Information Server contains a Path-relative stylesheet import
    vulnerability that allows attackers to render a page in qirks
    mode thereby facilitating an attacker to inject malicious CSS.
    ****************************************************************
    RECOMMENDATION:
    Refer to Security bulletin
    http://www.ibm.com/support/docview.wss?uid=swg21995155 for
    actions to perform.
    ****************************************************************
    

Problem conclusion

  • Code fix needed in Information Server framework and DataStage
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR56946

  • Reported component name

    INFO SRVR PLATF

  • Reported component ID

    5724Q3612

  • Reported release

    B50

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-11-17

  • Closed date

    2017-01-09

  • Last modified date

    2017-01-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    INFO SRVR PLATF

  • Fixed component ID

    5724Q3612

Applicable component levels

  • R870 PSY

       UP

  • R912 PSY

       UP

  • RB31 PSY

       UP

  • RB50 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSZJPZ","label":"InfoSphere Information Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.5","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
14 October 2021