Direct links to fixes
7.0.0.9 for Developer Express
7.0.0.9 for Developer Professional
7.0.0.9 for Developer Enterprise
7.0.0-WS-WCServer-FP009
WebSphere Commerce Version 7.0.0.7 Fix Pack
WebSphere Commerce Version 7.0.0.9 Fix Pack
JR46776 - Security APAR CVE-2013-0566: Resolve Cross-Site Scripting (XSS) security vulnerabilities in the tooling pages
APAR status
Closed as program error.
Error description
If the comma character (,) is used for defining SKUs and if such SKUs are used while creating product level promotions, the promotion creation UI fails to resolve these SKUs.
Local fix
Problem summary
USERS AFFECTED: Business users who use Accelerator to create promotions
PROBLEM ABSTRACT: While creating a product level promotion using WebSphere Commerce Accelerator, if a SKU with a comma in it is entered, the promotion creation UI fails to validate the SKUs.
BUSINESS IMPACT: Product level promotions cannot be created for the affected SKUs
RECOMMENDATION:
Problem conclusion
The promotion creation UI code was updated for WebSphere Commerce Accelerator to encode the SKUs during the SKU validation request, ensuring that the entire SKU gets transferred as part of the request.

The latest available maintenance information can be obtained from the Recommended Fixes for WebSphere Commerce technote: http://www.ibm.com/support/docview.wss?rs=3046&uid=swg21261296
Temporary fix
Comments
APAR Information
APAR number
JR43400
Reported component name
WC BUS EDITION
Reported component ID
5724I3800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-07-11
Closed date
2012-09-06
Last modified date
2012-09-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WC BUS EDITION
Fixed component ID
5724I3800
Applicable component levels
R700 PSY
UP
Document Information
Modified date:
06 September 2012