IBM Support

IT00914: REFLECTED XSS VULNERABILITIES IN WEBGUI

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The WebGUI interface might be vulnerable to reflected cross-site
    scripting attacks.
    

Local fix

Problem summary

  • Security improvements to the DataPower WebGUI URL handling.
    .
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IT00914

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    402

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-04-08

  • Closed date

    2014-07-01

  • Last modified date

    2014-08-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R500 PSY

       UP

  • R600 PSY

       UP

  • R601 PSY

       UP

  • R700 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCXUFY","label":"General"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.0.2","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
05 August 2014