APAR status
Closed as user error.
Error description
Found a security issue. On the login screen of maximo you can see the properties file. Ex. If you go to the preview site http://previewmxes.mro.com/maximo/webclient/login/login.jsp and remove from /maximo forward and type in "maximo .properties" http://previewmxes.mro.com/maximo/maximo.properties you will see the maximo properties. Also you can do this with any file within the properties.jar this is a serious security issue for our system.
Local fix
Problem summary
Problem conclusion
Temporary fix
Comments
This is only and issue with Weblogic 8.1.4 and prior weblogic versions. Upgrading to Service pack 6 fixes the defect. Not an issue on Weblogic 9 or WebSphere
APAR Information
APAR number
IZ14233
Reported component name
SECURITY
Reported component ID
5724R46SC
Reported release
621
Status
CLOSED USE
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2008-01-29
Closed date
2008-02-05
Last modified date
2008-02-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCHPNP","label":"Security Groups"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"621","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
05 February 2008