Direct link to fix
APAR status
Closed as program error.
Error description
The customer's pentesters found an XSS vulnerability in the DASH console. All the information can be found in the uploaded "Pentest_report.pdf" - https://ecurep.mainz.de.ibm.com/ae5/#id=TS009806104&path=TS009806104%2F2022-06-28%2F

Installed Products Version Details:

/opt/IBM/InstallationManager/eclipse/tools/imcl listInstalledPackages -features -long | awk -F\: '{ print $3,$4}'

IBM® Installation Manager 1.9.2.2
IBM Tivoli Netcool/OMNIbus 8.1.0.28
Jazz for Service Management extension for IBM WebSphere 8.5 1.1.2.1
IBM WebSphere Application Server 8.5.5.21
8.5.5.10-WS-WASProd-IFPH43148 8.5.5010.20220221_0811
8.5.5.11-WS-WASBundledSDK8-LinuxX64-IFPH43778 8.5.5011.20220228_1236
8.5.5.20-WS-WAS-IFPH43113 8.5.5020.20220221_0944
IBM Dashboard Application Services Hub 3.1.3.13
Netcool Operations Insight Extensions for IBM Tivoli Netcool/OMNIbus Web GUI 8.1.0.26
IBM Tivoli Netcool/OMNIbus Web GUI 8.1.0.26
Local fix
Problem summary
JazzSM 1.1.3.16 addresses this APAR: https://www.ibm.com/support/pages/node/6620239
Problem conclusion
JazzSM 1.1.3.16 addresses this APAR: https://www.ibm.com/support/pages/node/6620239
Temporary fix
Comments
APAR Information
APAR number
IJ41521
Reported component name
JAZZ SM TIP DAS
Reported component ID
5724C04JD
Reported release
110
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-08-03
Closed date
2022-09-20
Last modified date
2022-09-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
JAZZ SM TIP DAS
Fixed component ID
5724C04JD
Applicable component levels
Business Unit: Cloud & Data Platform (BU053)
Product: Tivoli Components (SSRLR8)
Platform: Platform Independent (PF025)
Version: 1.1.0.1
Document Information
Modified date:
20 September 2022