Direct links to fixes
APAR status
Closed as program error.
Error description
The Sterling File Gateway application does not properly restrict user requests based on permission level, which allows users to update data belonging to other users. By manipulating the parameters passed in the POST request, a user (user1) was able to change the language preferences of another user (user2).
Local fix
None STRRTC 531109 KK/KK
Problem summary
Users Affected: All B2Bi users
Problem Description: Security Vulnerability: Lack of sufficient authorization in Myfilegateway and Filegateway.
Platforms Affected: All
Problem conclusion
Resolution Summary: A code fix is provided.
Delivered in: 5020603_2 5020602_5
Temporary fix
Comments
APAR Information
APAR number
IT20411
Reported component name
STR FILE GATEWA
Reported component ID
5725D0700
Reported release
220
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-04-28
Closed date
2017-06-01
Last modified date
2017-09-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR FILE GATEWA
Fixed component ID
5725D0700
Applicable component levels
Line of Business: AI Applications (LOB02)
Business Unit: IBM Software w/o TPS (BU059)
Product: IBM Sterling File Gateway (SS4TGX)
Platform: Platform Independent (PF025)
Version: 2.2
Document Information
Modified date:
03 March 2021