IBM Support

IC83240: USER SESSION DOES NOT TIME OUT IF USING FIREFOX VERSION 11 BROWSER.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Error Description
User session to /dashboard UI is not timed out when using
Firefox version 11 browser.

Local fix

  • Local Fix
STRRTC - 321936
LM / LM
Circumvention: None

Problem summary

  • Users Affected:
All

Problem Description:
Security vulnerability reported for the /dashboard UI user
session is not timed out if using Firefox version 11 browser

Platforms Affected:
All

Problem conclusion

  • Resolution Summary:
The proposed solution is an added configuration parameter which
would disallow login from an unsupported browser. This
parameter  would be normally off, resulting in no change to
current behavior in any browser. When on, an unsupported
browser would not have access to, or use of the login screens.
Consequently, login is prohibited and product secured.
1. Change BROWSER_CONTROL property
in sandbox.cfg to true.
2. Add the regular expression for the types of the browsers to
the property supportedBrowsers separated by comma. Don't change
the types browsers already there. They are for IE and back-end
processing. If you only want to use IE, you don't need to change
any thing to this property
3. Run setup files.sh or setupfiles.cmd
4. Restart the SI.

Delivered In:
5020401

Temporary fix

  • 



Comments


    

  • Published 7/26/12

    



APAR Information




    

  • APAR number
    IC83240
    • 

  • Reported component name
    STR B2B INTEGRA
    • 

  • Reported component ID
    5725D0600
    • 

  • Reported release
    523
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2012-05-09
    • 

  • Closed date
    2012-06-07
    • 

  • Last modified date
    2012-10-19
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    STR B2B INTEGRA
    • 

  • Fixed component ID
    5725D0600
    • 



Applicable component levels


    

  • R524  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2.3","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            19 October 2012
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback