APAR status
Closed as program error.
Error description
XSS attacks may be used to present content to a user with the intention of redirecting the user to a malicious website. XSS attacks may also be used to steal a user s session details giving an attacker the ability to hijack the user s session. The tar-geted user must be authenticated when accessing the URL.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: * **************************************************************** XSS attacks may be used to present content to a user with the intention of redirecting the user to a malicious website. XSS attacks may also be used to steal a user s session details giving an attacker the ability to hijack the user s session. The tar-geted user must be authenticated when accessing the URL.
Problem conclusion
This is fixed in 7.1.3.
Temporary fix
Comments
APAR Information
APAR number
PM38059
Reported component name
BUILD FORGE EE
Reported component ID
5724S2701
Reported release
712
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-04-29
Closed date
2011-08-31
Last modified date
2011-08-31
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BUILD FORGE EE
Fixed component ID
5724S2701
Applicable component levels
R712 PSN
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSB2MV","label":"Rational Build Forge"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
31 August 2011