IBM Support

RS02535: 19745: UNAUTHORIZED ACCESS TO JAVA SERVLETS SOURCE CODE


APAR status

  • Closed as program error.

Error description

  • A lower-privileged user with the Business User role can
    successfully retrieve the contents of the "web.xml" file as
    well as the contents of all the files in the WEB-INF directory.
    The security issue occurs for URLs that serve a servlet that
    extends the IntelliTextEditorServlet class (/s/BRLEditor,
    /s/MetricsEditor/, /s/KbiEditor/, etc. on the BC side, and
    /DecisionTableEditor/ and /BrlEditor on the EC side).
    

Local fix

Problem summary

  • The restriction on package permissions in the decision table
    web editor is too large, which causes this problem.
    

Problem conclusion

  • The code is fixed.
    

Temporary fix

Comments

APAR Information

  • APAR number

    RS02535

  • Reported component name

    WS DECISION CTR

  • Reported component ID

    5725B6900

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-10-12

  • Closed date

    2016-10-30

  • Last modified date

    2016-10-30

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • 999
    

Fix information

  • Fixed component name

    WS DECISION CTR

  • Fixed component ID

    5725B6900

Applicable component levels

  • R800 PSY

       UP

Product:
IBM Operational Decision Manager

Version:
8.0

Platform:
Platform Independent

Document Information

Modified date:
03 November 2021