IBM Support

IJ26167: THE QNI SMTP INSPECTOR CAN FAIL TO SHOW ALL RECIPIENT EMAIL ADDRESSES FOR SMTP CONTENT FLOWS

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • In unencrypted SMTP flows, the Recipient User field is shown as
    some variation of "undisclosed" which is derived from the mail
    header instead of the the recipient email address.  This type
    of field in the mail header is used for both valid masking and
    malicious activities.
    The actual recipient (RCPT TO) in these instances can be viewed
    in the Standard Flow's Payload field provided it's position in
    the flow does not exceed that of the bytes in the payload that
    is extracted.
    

Local fix

  • Contact Support for a possible workaround that might address
    this issue in some instances.
    

Problem summary

  • This issue was fixed in QRadar QRM QVM release of 7.4.3.
    

Problem conclusion

  • This issue was fixed in QRadar QRM QVM release of 7.4.3.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ26167

  • Reported component name

    QR INCIDENT FOR

  • Reported component ID

    5725QIFSW

  • Reported release

    730

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-07-10

  • Closed date

    2021-05-25

  • Last modified date

    2021-05-25

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QR INCIDENT FOR

  • Fixed component ID

    5725QIFSW

Applicable component levels

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SS6E69","label":"IBM QRadar Network Insights"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"730"}]

Document Information

Modified date:
26 May 2021