IBM Support

IT20411: SECURITY VULNERABILITY: LACK OF SUFFICIENT AUTHORIZATION IN MYFILEGATEWAY AND FILEGATEWAY


APAR status

  • Closed as program error.

Error description

  • The Sterling File Gateway application does not properly restrict
    user requests based on permission level. This allows users to
    update data belonging to other users. By manipulating the
    parameters passed in the POST request, a user (user1) was able
    to change the language preferences of another user (user2).
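
The missing check described above, shown as an added example that is not IBM's code or part of the original APAR: a handler that trusts the account named in the POST body, next to one that binds the update to the authenticated session and records denied cross-account attempts. The field names (`userId`, `language`), the admin set and the audit record layout are assumptions made for illustration.

```python
class Forbidden(Exception):
    """The authenticated user may not modify the requested account."""


def new_store():
    # Constructed sample data standing in for per-user preference records.
    return {"user1": {"language": "en"}, "user2": {"language": "en"}}


def update_language_unchecked(prefs, session_user, form):
    # Flawed pattern: the target account comes straight from the POST body
    # and is never compared with the authenticated session user.
    target = form["userId"]
    prefs[target]["language"] = form["language"]
    return target


def update_language_checked(prefs, session_user, form, audit, admins=frozenset()):
    # Default to the session identity; a different userId is honoured only
    # for callers holding an explicit (hypothetical) admin permission.
    target = form.get("userId", session_user)
    if target != session_user and session_user not in admins:
        # Record the mismatch so cross-account attempts are visible to monitoring.
        audit.append({"event": "authz_denied", "actor": session_user, "target": target})
        raise Forbidden(f"{session_user} may not modify {target}")
    if target not in prefs:
        raise KeyError(target)
    prefs[target]["language"] = form["language"]
    return target


def demo():
    form = {"userId": "user2", "language": "fr"}  # constructed request body
    before, after, audit = new_store(), new_store(), []
    update_language_unchecked(before, "user1", form)
    try:
        update_language_checked(after, "user1", form, audit)
    except Forbidden:
        pass
    return before["user2"]["language"], after["user2"]["language"], audit


if __name__ == "__main__":
    print(demo())
```

The audit entries give operations staff a signal to alert on: a non-admin session whose request names a different account.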
    

Local fix

  • None
    
    STRRTC 531109
    KK/KK
    

Problem summary

  • Users Affected:
    All B2Bi users
    
    Problem Description:
    Security Vulnerability: Lack of sufficient authorization in
    Myfilegateway and Filegateway.
    
    Platforms Affected:
    All
    

Problem conclusion

  • Resolution Summary:
    A code fix is provided.
    
    Delivered in:
    5020603_2
    5020602_5
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT20411

  • Reported component name

    STR FILE GATEWA

  • Reported component ID

    5725D0700

  • Reported release

    220

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-04-28

  • Closed date

    2017-06-01

  • Last modified date

    2017-09-06

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR FILE GATEWA

  • Fixed component ID

    5725D0700

Applicable component levels

  • Product: IBM Sterling File Gateway (SS4TGX)
  • Version: 2.2
  • Platform: Platform Independent (PF025)
  • Line of Business: Sustainability Software (LOB59)
  • Business Unit: IBM Software w/o TPS (BU059)

Document Information

Modified date:
03 March 2021