IBM Support

JR50837: POSSIBILITY OF INJECTING SCRIPT CODE IN A SNAPSHOT ID FIELD

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The customer who reported this provided a "Burp" scan. It showed
    that the customer is trying to inject script code in a snapshot
    id field.
    

Local fix

Problem summary

  • Affect products,
    IBM Business Process Manager (BPM) Advanced
    
    IBM BPM Standard
    
    IBM BPM Express
    

Problem conclusion

  • A fix is available for IBM BPM 8.5.0.1. On Fix Central
    (http://www.ibm.com/support/fixcentral), search for JR50837:
    
        1. Select IBM Business Process Manager with your edition
    from the product selector, the installed version to the fix pack
    level, and your platform, and then click Continue.
        2. Select APAR or SPR, enter JR50837, and click Continue.
    
    When you download fix packages, ensure that you also download
    the readme file for each fix. Review each readme file for
    additional installation instructions and information about the
    fix.
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR50837

  • Reported component name

    BPM STANDARD

  • Reported component ID

    5725C9500

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-07-23

  • Closed date

    2014-08-27

  • Last modified date

    2014-08-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM STANDARD

  • Fixed component ID

    5725C9500

Applicable component levels

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
27 August 2014