IBM Support

IT32906: CROSS-SITE SCRIPTING VULNERABILITY - /FILEGATEWAY/SMARTCLIENTRPC.DO

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Cross-Site Scripting Vulnerability in Sterling File Gateway page
    when replaying the files.
    

Local fix

  • B2BISFG-52369
    

Problem summary

  • Users Affected:
    All
    
    Problem Description:
    Cross-Site Scripting when replaying a file adds a
    script as part of the comment in the replay dialog box. When
    hovering over the comment, the script can get executed.
    
    Platforms Affected:
    All
    

Problem conclusion

  • Resolution Summary:
    A code fix is provided.
    
    Delivered in:
    5020603_15
    6000005
    5020605_3
    6000303
    6000203
    6010001
    6000006
    5020603_15
    5020605_4
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT32906

  • Reported component name

    STR FILE GATEWA

  • Reported component ID

    5725D0700

  • Reported release

    226

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-05-18

  • Closed date

    2020-06-30

  • Last modified date

    2021-05-21

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR FILE GATEWA

  • Fixed component ID

    5725D0700

Applicable component levels

[{"Line of Business":{"code":"LOB02","label":"AI Applications"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS4TGX","label":"IBM Sterling File Gateway"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"2.2"}]

Document Information

Modified date:
22 May 2021