APAR status
Closed as program error.
Error description
WorkplaceXT doesn't validate the redirect urls before redirecting. This can lead to an open redirect vulnerability.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * Users using WorkplaceXT. * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * Upgrade to 1.1.5.2-WPXT-LA011. * ****************************************************************
Problem conclusion
The problem is fixed in 1.1.5.2-WPXT-LA011.
Temporary fix
Comments
APAR Information
APAR number
PJ43064
Reported component name
WORKPLACE XT
Reported component ID
5724R7611
Reported release
115
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-03-11
Closed date
2017-05-19
Last modified date
2017-05-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WORKPLACE XT
Fixed component ID
5724R7611
Applicable component levels
R115 PSY
UP
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSB28R","label":"FileNet Workplace XT"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"115","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
23 March 2023