Fixes are available
APAR status
Closed as program error.
Error description
jackson-core-asl-1.8.1.jar is exposed to National Vulnerability Database CVE-2016-3720 (CVSS score: 9.8, Date: 06/10/2016): XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
Local fix
Problem summary
jackson-core-asl-1.8.1.jar is exposed to National Vulnerability Database CVE-2016-3720 (CVSS score: 9.8, Date: 06/10/2016): XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson allows attackers to have unspecified impact via unknown vectors.
Problem conclusion
The jackson-core-asl library has been upgraded.
Temporary fix
Comments
APAR Information
APAR number
RS02592
Reported component name
WS DECISION CTR
Reported component ID
5725B6900
Reported release
880
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-12-13
Closed date
2017-06-13
Last modified date
2017-06-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
999
Fix information
Fixed component name
WS DECISION CTR
Fixed component ID
5725B6900
Applicable component levels
R880 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSQP76","label":"IBM Operational Decision Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"880","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
03 November 2021