IBM Support

IT15634: Security Vulnerability: FILE PATH TRAVERSAL VULNERABILITIES ARISE WHEN USER-CONTROLLABLE DATA IS USED

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Typically, a filename is appended to a directory
    prefix to read or write the contents of the file. If
    vulnerable, an attacker can supply path traversal sequences
    (using dot-dot-slash characters) to break out of the intended
    directory and read or write files elsewhere on the filesystem.
    

Local fix

  • STRRTC - 497338 HAB
    

Problem summary

  • Users Affected:
    All
    
    Problem Summary:
    File path traversal vulnerabilities arise when user-controllable
    data is used.
    
    Platforms Affected:
    All
    

Problem conclusion

  • Fix Description:
    A code fix is provided.
    
    Delivered In:
    5020500_14
    5020601_7
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT15634

  • Reported component name

    STR B2B INTEGRA

  • Reported component ID

    5725D0600

  • Reported release

    525

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-06-08

  • Closed date

    2016-09-26

  • Last modified date

    2017-04-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR B2B INTEGRA

  • Fixed component ID

    5725D0600

Applicable component levels

  • R525 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2.5","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}}]

Document Information

Modified date:
14 April 2017